Imperva Bad Bot Report 2023
News | 09.06.2023
The 10th annual Imperva Bad Bot Report is a threat research report that analyzes and investigates the automated attacks occurring daily, sneaking past traditional detection methods and reaking havoc on the internet. It is based on data collected from the company’s global network throughout 2022, which includes 6 trillion blocked bad bot requests, anonymized across thousands of domains.
Classification of bad bots by difficulty level:
- Simple – Connecting from a single, ISP-assigned IP address, this bot connects to sites using automated scripts. This bot doesn’t self-report as a browser.
- Moderate – This more complex bot uses “headless browser” software that simulates browser technology, including the ability to execute JavaScript.
- Advanced – Emulating human user behavior like mouse movements and clicks to spoof bot detection. They use browser automation software, or malware installed within real browsers, to connect to sites.
Of all internet traffic in 2022, 47.4% was automated traffic, also commonly referred to as bots. Compared to 42.3% in 2021, that is a 5.1% increase. Of that automated traffic, 30.2% were bad bots, a 2.5% increase from 27.7% in 2021. Good bots are on the rise too, accounting for 17.3% compared to 14.6% in 2021. Alarmingly, the percentage of human traffic continues its downward trend, from 57.7% in 2021 to 52.6% in 2022 – a 5.1% decrease. Of all the attacks recorded by Imperva in the past year, 27% were bad bots that abuse business logic and 26% were other types of automated threats.
Bad bots are a cross-industry, cross-functional problem. Their ability to perform various malicious actions at a capacity and velocity that is downright impossible for a normal human being makes them an ideal tool for high-speed abuse, misuse, and attacks.
Imperva predict that APIs will become the prime target for bad bots in 2023. In pursuit of sensitive data, cybercriminals will put more focus on vulnerable API endpoints that connect directly to an organization’s underlying database. Because API security defenses often overlook automated threats, bots will become a persistent challenge next year and generate more scrapping attacks on individual APIs that lead to data leakage. The challenge is that returning a CAPTCHA challenge to an API request breaks the calling application. Thus, machine learning will be needed to differentiate normal API behavior from malicious traffic, and to understand what data should be transmitted through the API. Therefore, organizations will be challenged to mitigate automated attacks targeting their API libraries until bot management and API security are used in concert.
Security recommendations for the detection of bad bot activity and automated fraud:
- Risk Identification: Stopping bot traffic begins with identifying potential risks to your website.
- Vulnerability Reduction: Protect exposed APIs and mobile apps — not just your website — and share blocking information between systems. Protecting your website is only part of the solution; don’t forget about the other paths that lead to your web applications and data.
- Threat Reduction: User-Agents. Many bot tools and scripts contain user-agent strings with outdated browser versions. In contrast, humans are forced to auto-update their browsers to newer versions.
- Threat Reduction: Proxies. Bad bots increasingly use proxy services to hide their attacks. Attackers do this to appear as human users by rotating bulk IP services in their requests. Not allowing access from bulk IP data centers will decrease the likelihood of botnet traffic.
- Threat Reduction: Automation. Automation tools such as Selenium, Web Driver and others are clear signs of bot traffic.
- Evaluate Traffic.
- Monitor Traffic.
- Awareness: Stay aware of data breaches and leaks occurring around the world.
- Evaluate Bot Mitigation Solutions: Today’s bad actors are using bots for their ease of use and effectiveness. The tools used are constantly evolving, bot traffic patterns are difficult to detect, and their sources can shift frequently. In advanced bots, we are seeing attacks mimicking human behavior like never before. Today, it’s almost impossible to keep up with all of the threats on your own. Your defenses need to evolve as fast as the threats, and to do that you need dedicated support from a team of experts.
Download the full Imperva Bad Bot Report
Receive a personal consultation on Imperva solutions from certified Softprom specialists.
Softprom - Value Added Distributor of Imperva.