Malicious bots, software applications that perform malicious automated tasks, accounted for a record 27.7% of global website traffic in 2021, up from 25.6% in 2020, according to Imperva. The three most common bot attacks were account takeover (ATO), content or price scraping, and scalping to obtain exclusive items.
Malicious bots are often the first sign of online fraud and represent a risk to digital businesses and their customers. In 2021, evasive bad bots (the group of moderate and advanced bad bots that bypass standard security defenses) accounted for 65.6% of total bad bot traffic. This type of bot uses modern evasion techniques such as cycling through random IPs, entering through anonymous proxies, changing identities, and mimicking human behavior to avoid detection.
Malicious bots enable rapid exploitation, misuse, and attacks on websites, mobile apps, and APIs. A successful attack can steal personal information, credit card data, and loyalty points. For organizations, automated abuse and online fraud lead to violations of data privacy and trade regulations. Malicious bot traffic is on the rise as organizations invest in improving their customers' online experience. The result has been the development of more digital services, new online capabilities, and an extensive API ecosystem. Unfortunately, these new endpoints are easy targets for automated attacks by malicious bot operators.
Ryan Windham, vice president of application security at Imperva, said: “As automated fraud grows in intensity and complexity, advanced bot protection is essential to prevent the growing threat digital businesses and consumers face from malicious bots.”
Main findings
- Account takeovers increased 148% in 2021: In 2021, 64.1% of ATO attacks used advanced bad bots. The most targeted industry was financial services (34.6%), followed by travel (23.2%). The United States was the leading source country (54%) for ATO attacks in 2021. The impact of account takeover is far-reaching. Successful attacks can lock customers out of their accounts and give fraudsters access to sensitive information that can be stolen or misused. For businesses, ATO leads to lost revenue, risk of breaching data privacy regulations, and damage to reputation.
- Travel, retail and financial services targeted by malicious bots: In 2021, the volume of attacks originating from advanced malicious bots was most prominent in travel (34.2%), retail (33.8%), and financial services (8.8%). Behind the user login portal for websites and mobile apps.
- Percentage of malicious bot traffic varies by country: In 2021, Germany (39.6%), Singapore (39.1%), and Canada (30.2%) had the highest volume of malicious bot traffic, followed by the US (29.1%) and UK (29.7%). The global average of malicious bot traffic was 27.7%.
- 35.6% of malicious bots hide as mobile web browsers: Mobile user agents were a popular disguise for malicious bot traffic in 2021, accounting for over one-third of all internet traffic, up from 28.1% in 2020. Mobile Safari was a popular agent in 2021 because bots exploited the browser's improved user privacy settings, which mask their behavior and make them harder to detect.
The study concluded that no industry was immune to malicious bot activity in 2021. Bots made headlines in 2021 by hoarding popular gaming consoles and clogging vaccine appointment scheduling sites, but regardless of the level of bot traffic on a website, significant downtime may occur and performance may suffer, making the service unreliable.