With 30.2% of Internet traffic in Australia associated with Bad Bots in 2023, and 20% YoY growth, Imperva’s 2024 Bad Bot Report is a global analysis of automated bot traffic across the Internet. Reinhart Hansen, the Director of Technology in Imperva’s CTO Office joined me in a great video interview to discuss it all, and more!
Imperva, is a Thales company, which protects critical applications, Application Programming Interfaces (APIs), and data. The companyrecently announced the release of its 2024 Imperva Bad Bot Report, a global analysis of automated bot traffic across the Internet.
The report found that nearly half of all global internet traffic came from bots in 2023 – the highest level Imperva has reported since it began monitoring automated traffic in 2013. For the fifth consecutive year, the proportion of global web traffic associated with bad bots rose, reaching 32% in 2023, up from 30.2% in 2022, while traffic from human users decreased to 50.4%.
Australia remained in the top three countries targeted by bad bots, representing 8.4% of all bot attacks globally; ranking third behind the USA and the Netherlands. Bots (good and bad) now make up 36.4% of the country’s total internet traffic, underscoring that businesses across the nation still face a threat from malicious and automated traffic. Australia’s bad bot traffic grew to 30.2% in 2023, an increase of 23.2% year-on-year (YoY).
Details from the report continue below, and you’ll also find a summary of the topics we spoke about, but first, here’s the video interview with Reinhart:
Reinhart Hansen, Director of Technology, Asia Pacific and Japan, at Imperva, a Thales company, stressed the criticality of taking proactive steps against bad bots as they grow in sophistication. “With attackers increasingly exploiting API vulnerabilities and lapses in business logic guardrails, a proactive stance is essential to prevent data breaches, account takeovers, and large-scale data theft. From simple web scraping to malicious account takeover, spam, and denial of service, bots negatively impact an organisation’s bottom line by degrading online services and forcing more investment in infrastructure and customer support. Organisations in Australia must proactively confront the menace of bad bots as attackers sharpen their focus on API-related abuses that can lead to compromised accounts and data exfiltration,” he added.
Key trends identified in the 2024 Imperva Bad Bot Report include:
- Global average of bad bot traffic grew to 32%: Ireland (71%), Germany (67.5%), and Mexico (42.8%), saw the highest levels of bad bot traffic in 2023. In APAC, Singapore notably experienced a high level of bad bot traffic, accounting for 35.2%, surpassing the global average. In contrast, Japan recorded the lowest level of bad bot traffic at 17.7%.
Growing use of generative AI connected to the rise in simple bots: Generative AI and large language models (LLMs) technology use web scraping bots and automated crawlers to feed training models, while enabling nontechnical users to write automated scripts for their own use. The rapid adoption of generative AI resulted in the volume of simple bots increasing to 39.6% in 2023, up from 33.4% in 2022. Australia in particular, has a high volume of simple bots (70.6%) – 31% higher than the global average. The industriesin Australia with the highest proportion of simple bot traffic are Business (88%), Retail (87%), and Lifestyle (82%).
- The gaming industry continues to experience the highest levels of bad bot traffic: Globally, for the second year in a row, gaming (57.2%) experienced the highest proportion of bad bot traffic. This trend mirrors the situation in Australia, where bad bots made up 75.19% of all traffic in the gaming industry. The other two industries which experiences the highest proportion of bad bot traffic are Sports (63.38%), and Healthcare (61.23%).
- Account takeover is a persistent business risk: Account takeover (ATO) attacks increased 10% in 2023, compared to the same period in the prior year. Notably, 44% of all ATO attacks targeted API endpoints, compared to 35% in 2022. Of all login attempts across the internet, 11% were associated with account takeover. The industries that saw the highest volume of ATO attacks in 2023 were Financial Services (36.8%), Travel (11.5%), and Business Services (8%).
- APIs are a popular vector for attack: Automated threats caused a significant proportion (30%) of API attacks in 2023 globally. Among them, 17% were bad bots exploiting business logic vulnerabilities—a flaw within the API’s design and implementation that allows attackers to manipulate legitimate functionality and gain access to sensitive data or user accounts. Cybercriminals use automated bots to find and exploit APIs, which act as a direct pathway to sensitive data, making them a prime target for business logic abuse.
- Bad bot traffic originating from residential ISPs grew to 25.8%: Early bad bot evasion techniques relied on masquerading as a user agent (browser) commonly used by legitimate human users. Sophisticated actors combine mobile user agents with the use of residential or mobile ISPs. Residential proxies allow bot operators to evade detection by making it appear as if the origin of the traffic is a legitimate, ISP-assigned residential IP address. Bad bots masquerading as mobile user agents accounted for 44.8% of all bad bot traffic in the past year, up from 28.1% just five years ago.
“Organisations face substantial financial losses every year due to automated traffic, a concern that cuts across all industries,” notes George Lee, Senior Vice President for Asia Pacific and Japan at Imperva. “Automated bots are on track to outnumber human-generated internet traffic, and with the proliferation of AI-powered tools, their presence is becoming increasingly pervasive. It’s imperative for enterprises to prioritise investment in bot management and API security solutions to effectively combat the threat posed by malicious automated traffic.”
Here is an AI generated summary of the video interview above, created by the Plaud.AI service, using ChatGPT-4o – I think it did a really great job of capturing and summarising our discussion!
1. Cybersecurity and Data Protection
- Imperva’s Evolution
Imperva has been a cybersecurity leader for over 20 years, pioneering the web application firewall market and evolving into WAP plus API security and data security. - AI in Scientific Research
AI is being used positively in scientific research, such as mapping protein structures and accelerating disease research, which would have taken thousands of years otherwise. - Bad Bots
Bad bots are automated software designed for undesirable tasks like scraping content and performing credential attacks. They make up a significant portion of internet traffic. - AI and Cybersecurity
AI can help cybercriminals by generating code for bots, making it easier to exploit vulnerabilities like the recent OpenSSH regression. - Data Security
Data security is crucial but often neglected. Organizations need to focus on protecting data in motion and at rest, and monitoring data access to detect anomalies. - Encryption and Key Management
Encryption of data at rest and in motion is essential, along with effective key management to handle the encryption and decryption processes. - Monitoring Data Access
Monitoring who accesses data and using AI to detect anomalous access can help reduce the impact of data breaches. - Imperva’s Solutions
Imperva offers solutions that include encryption, key management, and monitoring data access using AI to detect and act on anomalous behavior.
2. Data Security and Compliance
- Data Discovery and Classification
The first step in the data life cycle is identifying and classifying data, determining its location, and understanding its sensitivity. - Data Controls
Once data is identified, appropriate controls such as encryption, tokenization, and masking should be applied to comply with regulations like the Data Privacy Act. - Regulatory Compliance
Regulations like GDPR and the Australian Data Privacy Act require specific data handling practices, including treating IP addresses as PII (personally identifiable information). - Data Access Monitoring
Monitoring data access is crucial to detect misuse and breaches. Many enterprises lack visibility into how data is used, leading to challenges in breach detection. - Data Breach Impact
In the event of a data breach, companies often do not know the exact amount of data compromised, leading to estimates and assumptions. - Platform Maturity
The maturity and sophistication of the Imperva platform, known as Data Security Fabric, is discussed, highlighting its evolution and capabilities. - Customer Onboarding
The typical customer onboarding journey involves data discovery, classification, protection, and monitoring, especially in industries like financial services. - Critical Infrastructure
Critical infrastructure entities, including utilities and banks, are required to have mature risk management frameworks for IT and data security.
3. Cybersecurity Challenges and AI Advancements
- Risk Management in Banks
Banks are adept at risk management and mitigation, extending these skills to managing data assets. - Imperva’s Bad Bot Report
The report, now in its 11th year, highlights bad bot activities across various industries, with different challenges for retailers and financial institutions. - Challenges Faced by Online Retailers
Online retailers face issues like content scraping, credential stuffing, and industry stealth, where bots buy up products to resell at higher prices. - Ticket Scalping
Bots pre-register with ticketing companies to buy tickets in bulk, jumping queues and frustrating genuine consumers. - Sophistication of Bots
AI advancements lead to more sophisticated bots, but even simple bots can be effective in attacks. - Large Language Models and Cybersecurity
Large language models can be misused, and prompt injection can bypass guardrails, posing significant cybersecurity risks. - Gaming Industry and Bad Bots
The gaming industry sees a high percentage of bad bot activities, with Australia being a significant target due to its high median wealth. - APIs as Attack Vectors
APIs are increasingly targeted for attacks, requiring robust security measures to protect data and systems. - Future of AI and Cybersecurity
AI technology may hit its limits, and the cat-and-mouse game between cybercriminals and cybersecurity vendors will continue. - Importance of Continuous Learning
Continuous learning and stepping outside comfort zones are crucial for personal and professional growth. - Prompt Engineering
Understanding prompt engineering is valuable for both personal use and employment opportunities in AI.
Imperva has evolved significantly in cybersecurity, emphasizing data security and AI-driven solutions to combat evolving threats like bad bots and API attacks.