Consumer-focused and digital-native industries are prime targets for cybercriminals, with inadequate defenses against harmful bots.
The lack of protection jeopardises data security and the customer experience, leading to serious consequences such as financial loss and reputational damage.
The research also found the luxury and e-commerce sectors are particularly vulnerable, with only 5% of luxury brand websites and 10% of e-commerce websites fully shielded against bad bots—posing a serious risk as the holiday shopping season approaches.
Furthermore, just 6% of media websites are adequately protected from bots, leaving 94% vulnerable to ad fraud, content scraping, and DDoS attacks. The findings highlight a strong connection between the growth of bad internet traffic and the susceptibility of high-traffic websites.
Bad bot creation has become an increasingly popular, quick, and cost-effective method for attackers aiming to automate online fraud.
“Consumer-centric industries are especially vulnerable to malicious bot activity, which heightens the risk of financial loss, data breaches, and reputational harm “said Antoine Vastel, Vice President of Research at DataDome,”
“As our research shows, the low barriers to creating and deploying bad bots have made them a preferred tool for fraudsters targeting high-traffic websites. The need for robust, multi-layered bot protection has never been more urgent,” Vastel said.
AI-Powered Advanced Bots Evading Detection
Over the past year, both basic and advanced bot-driven attacks have surged. Cybercriminals now have access to more sophisticated tools and techniques, leaving traditional defenses unable to keep up.
Advanced bots, equipped with AI-powered “bot farms” to bypass CAPTCHAs in real time, were only detected in less than 5% of cases. These sophisticated bots can accurately mimic users and have been used to spread disinformation.
In July 2024, the U.S. Department of Justice dismantled a large Russian propaganda operation that used a “bot farm” to bypass a user verification method on X and spread disinformation in the U.S.
The growing use of advanced bots by political actors is a major concern as the U.S. presidential election approaches.
“We’re witnessing a rise in genAI-enhanced media, which can be exploited for political influence. Social media platforms and media websites are becoming prime targets for bad actors spreading disinformation,”
“With it being an election year, we strongly urge media websites to reevaluate the risks posed by malicious web traffic,” Vastel added.
The advancements in automated browsers, anti-detection frameworks, proxy usage, and AI-assisted technology are making it increasingly difficult for companies to defend against bot attacks.
Among the domains that implemented some form of bot protection, 45% were still completely penetrated by bots. Fake Chrome bots, in particular, are one of the hardest to detect, leaving businesses vulnerable to Layer 7 DDoS attacks, account fraud, and more.
Europe and North America Lag Behind in Bot Protection
Regionally, Europe is the least prepared to defend against simple bot attacks, with 68% of websites unprotected and just 8% fully protected. North America follows closely, with 64% of websites unprotected and only 9% fully secured.
