Several key trends have emerged in recent findings. Notably, there is a growing utilization of generative AI, which correlates with the increase in basic bot activity.
The gaming sector remains particularly susceptible to malicious bot traffic. Additionally, businesses face ongoing risks from account takeovers, with APIs increasingly targeted for cyber attacks.
Meanwhile, residential ISPs in various regions are witnessing a surge in detrimental bot traffic, reaching as high as 25.8%.
In Australia, specific industries are particularly affected by simple bot traffic, with Business leading at 88%, followed closely by Retail at 87% and Lifestyle at 82%.
In terms of account takeover (ATO) attacks in 2023, Financial Services bore the brunt with 36.8%, followed by Travel at 11.5% and Business Services at 8%. Globally, API attacks in 2023 saw automated threats making up a substantial 30% of all incidents.
According to Imperva Director of Technology, Asia Pacific and Japan, Reinhart Hansen, attackers are increasingly exploiting API vulnerabilities and lapses in business logic guardrails.
“From simple web scraping to malicious account takeover, spam, and denial of service, bots negatively impact an organisation’s bottom line by degrading online services and forcing more investment in infrastructure and customer support,” says Hansen.
“Organisations in Australia must proactively confront the menace of bad bots as attackers sharpen their focus on API-related abuses that can lead to compromised accounts and data exfiltration,” he said.
30.2.0% of Australian Internet Traffic Includes Bad Bots – 32% Globally
For the fifth consecutive year, the proportion of global web traffic associated with bad bots rose, reaching 32% in 2023, up from 30.2% in 2022, while traffic from human users decreased to 50.4%.
The presence of bots raises serious concerns about cybersecurity and digital privacy within Australia. Experts warn that the prevalence of bad bots poses a threat not only to individual users but also to businesses and government organisations.
“With attackers increasingly exploiting API vulnerabilities and lapses in business logic guardrails, a proactive stance is essential to prevent data breaches, account takeovers, and large-scale data theft,” said Hansen.
Australia also has a high volume of simple bots (70.6%) – 31% higher than the global average. Industries in Australia with the highest proportion of simple bot traffic are business (88%), retail (87%) and lifestyle (82%).
“Bots are one of the most pervasive and growing threats facing every industry,” said Nanhi Singh, Imperva’s general manager of application security.
“From simple web scraping to malicious account takeover, spam and denial of service, bots negatively impact an organisation’s bottom line by degrading online services and requiring more investment in infrastructure and customer support.”
“Organisations must proactively address the threat of bad bots as attackers sharpen their focus on API-related abuses that can lead to account compromise or data exfiltration,” said Singh.
MSPs Concerned About Botnets
Botnets can remain hidden within an organisation’s computer network for years, eventually exploiting vulnerabilities to potentially launch a major cyberattack that could compromise the entire IT infrastructure.
Jim Broome, president and chief technology officer at MSSP DirectDefense, outlined two types of botnets earlier this year in an article for MSSP Alert.
One type targets applications, while the other focuses on personal computers and tablets. When a Managed Security Service Provider (MSSP) begins a new engagement, they often have little knowledge of what might be concealed within the organization’s IT environment.
“The problem is, you may inherit a legacy technology that is currently not adequate enough to protect against either current generation or last generation’s antivirus or botnet persistence,” Broome said.
“You are constantly coaching the customer that they need to install the new stuff (i.e. cybersecurity technologies),” he said.
Singh also believes that automated bots will soon surpass the proportion of internet traffic coming from humans, changing the way that organisations approach building and protecting their websites and applications.
“As more AI-enabled tools are introduced, bots will become omnipresent. Organisations must invest in bot management and API security tools to manage the threat from malicious, automated traffic,” Singh said.
The 2024 Bad Bot report said bots, both good and bad, now made up 36.4% of Australia’s total Internet traffic, underlining the fact that businesses still face a threat from malicious and automated traffic.