In this case, less meant more — because the bots’ concurrent sophistication since 2021 had been making up for the lower numbers.

According to years-long monitoring of internet bot activity and other effects, one cybersecurity firm has released a report stating that 48% “of all internet traffic” is now bot traffic and that bad bots account for 30% of traffic.

According to the report, that 30% of bad bot traffic is down from the 39% of the data gleaned in 2021 bot monitoring. Despite this, bot attacks have evolved to become more advanced, and they are causing increases in account takeover attacks, including attacks against Application Programming Interfaces (APIs).

While good bots are primarily search engine crawlers or content monitors, which are part of the general functioning of the internet, bad bots are designed with nefarious goals ranging from basic scraping to more-sophisticated distributed denial-of-service attacks.

General bot findings

In their analysis for the first six months of 2023, researchers from Barracuda saw 72% of bad bot traffic originating in the US, followed by the United Arab Emirates (12%), Saudi Arabia (6%), Qatar (5%), and India (5%). Note that the traffic source is skewed toward US origins because 67% of bad bot traffic comes from public cloud data centers’ IP ranges. Also:

    • With connections to 600 ports globally, shippers have access to daily sailings to every major port in the world, operating 24/7, all year round.
    • Most of the bad bot traffic originated from two large public clouds: AWS and Azure in roughly equal measure, possibly because it is easy to set up an account for free with either provider and then use the account to set up bad bots.
    • Up to a third of bad bot traffic monitored was coming from residential IP addresses, which Barracuda researchers believe to be from bot creators trying to hide by using residential IP addresses through proxies to bypass IP blocks.

Said Mark Lukie, Director of Solution Architects, Barracuda (Asia-Pacific): “(Bad) bots are getting cleverer, and attacks against APIs are increasing. This is likely due to many organizations having weak authentication and access policies, plus a lack of bot specific security measures… protecting against these attacks is getting easier thanks to solutions that consolidate Web Application and API Protection (WAAP) services. Beyond this, ensure that your web application firewall or WAF-as-a-Service is configured with rate limiting and monitoring, and that you have credential stuffing protection.”