Six other trends gleaned from the firm’s own data:

    • Customers from Ireland (71%), Germany (67.5%), and Mexico (42.8%) saw the highest levels of bad bot traffic in 2023. Those in Japan (17.7%) recorded the lowest level of bad bot traffic in the data analyzed.
    • Rapid adoption of generative AI and large language models likely increased the volume of simple bots globally to 39.6% in 2023, up from 33.4% in 2022. Australia had a high volume of simple bots (70.6%) – 31% higher than the global average. The industries in APAC with the highest proportion of simple bot traffic in the firm’s 2023 data were Automotive (100%), Telecom and ISPs (77.53%), and Healthcare (68.21%).
    • For a second consecutive year, the firm’s global data showed the Gaming industry (57.2%) having the largest proportion of bad bot traffic. Meanwhile, Retail (24.4%), Travel (20.7%), and Financial Services (15.7%) experienced the highest volume of bot attacks. The proportion of advanced bad bots, those that closely mimic human behavior and evade defenses, was highest in Law & Government (75.8%), Entertainment (70.8%), and Financial Services (67.1%) websites. APAC industries with the highest proportion of advanced bot traffic were Gaming (86.04%), Financial Services (73.61%), and Gambling (72.64%).
    • Account takeover attacks increased 10% in 2023, compared to the firm’s data for the same period in 2022. Notably, 44% of all such attacks targeted API endpoints, compared to 35% in 2022. Of all login attempts in the data, 11% were associated with account takeover attacks. The industries that saw the highest volume of such attacks in 2023 were Financial Services (36.8%), Travel (11.5%), and Business Services (8%).
    • Business Logic Attacks/vulnerabilities and automated threats comprised 30% of API attacks in the 2023 data, with 17% involving of bad bots exploiting business logic vulnerabilities. Cybercriminals use automated bots to find and exploit APIs, which act as a direct pathway to sensitive data, making them a prime target for business logic abuse.
    • Bad bot traffic originating from residential ISPs had grown to 25.8%: Bad bots masquerading as mobile user agents accounted for 44.8% of all bad bot traffic in the past year, up from 28.1% in the firm’s data five years ago. Residential proxies allow bot operators to evade detection by making it appear as if the origin of net traffic is a legitimate, ISP-assigned residential IP address.