One cybersecurity firm has detected rising levels of sophisticated bot attacks in its user base in tandem with digitalization and automation.
According to the firm’s Bad Bot threat report, bad bot traffic accounted for 27.7% of all global website traffic (25.9% for APAC) analyzed in its user ecosystem in 2021, up from 25.6% in 2020.
The three most common bot attacks were account takeover (ATO), content or price scraping, and scalping to obtain limited-availability items.
Of the customers in five APAC countries analyzed, those in Singapore had the highest proportion of bad bot traffic at 39.1%, followed by China customers with 38.6% of bad bot traffic. Next in line were Australia (25.7%), New Zealand (20.3%), and Japan (16.9%) customers.
Other findings
The report notes that bad bot traffic has been rising at a time when organizations are investing in improving customer experiences (CX) online via new online functionality and the development of expansive API ecosystems.
Unfortunately, this array of new endpoints is a ripe target for automated attacks by bad bot operators, as shown in the following trends detected within the firm’s own customers’ systems:
- 64.1% of ATO ecosystem attacks in 2021 employed an advanced bad bot. Financial Services were the most targeted industry (34.6%), followed by Travel (23.2%). The US was the leading source of ATO attacks (54%) in 2021.
- Attacks originating from sophisticated bad bots were found across Travel (34.2%), Retail (33.8%) and Financial Services (8.8%) customers.
- 35.6% of bad bots disguised themselves as mobile web browsers: mobile user agents were a popular disguise for bad bot traffic in the firm’s user ecosystem in 2021, accounting for more than one-third of all internet traffic, up from 28.1% in 2020. Bots even exploited Mobile Safari’s ‘improved’ user privacy settings to evade detection.
- Moderately advanced and sophisticated bad bots (making up 65.6% of global bad bot traffic in the user ecosystem) eluded standard security defenses by using the latest evasion techniques, such as cycling through random IPs, entering through anonymous proxies, changing identities, and mimicking human behavior.
- In APAC, evasive bots made up 71.1% of all bad bot traffic found in the firm’s user ecosystem. China customers had the highest penetration of evasive bots (86.5%), while Australia had the highest penetration of advanced bots (36.3%). This breed of sophisticated bot produced mouse movements and clicks that fooled even sophisticated detection methods: the bots mimicked human behavior and were the most difficult to stop.
According to Reinhart Hansen, Director of Technology, Imperva, Inc, which released the report: “Businesses cannot overlook the impact of malicious bot activity as it is contributing to more account compromises, higher infrastructure and support costs, customer churn, and degraded online services. With automated fraud growing in intensity and complexity, APAC organizations need to urgently implement advanced bot protection to safeguard their customers’ interests.”