42% of internet traffic in 2021 wasn’t human, as ‘bad bots’ attack retail

Over half the traffic on the internet to commercial websites are ‘bad bots’ intent on fraud and the retail sector is particularly vulnerable, according to the 2022 Imperva Bad Bot Report.

According to the report, bad bots are software applications that run automated tasks with malicious intent and are used for account takeover (ATO), content or price scraping and obtaining limited-availability items.

The volume of attacks originating from sophisticated bad bots was most notable across travel (34.2%), retail (33.8%), and financial services (8.8%) in 2021.

Specifically, these sectors remain a prime target because of the valuable personal data they store behind user login portals on their sites and apps.

In 2021, Germany (39.6%), Singapore (39.1%), and Canada (30.2%) experienced the highest volumes of bad bot traffic, while the US (29.1%) and UK (29.7%) were also higher than the global average (27.7%) of bad bot traffic.

The research also reveals that 35.6% of bad bots hide as mobile web browsers.

The presence of bad bots are often the first indicator of online fraud and pose a significant risk to online retailers and their customers.

READ MORE: Klarna adds ‘financial overview’ dashboard to help Irish users track spending

In 2021, evasive bad bots – a grouping of moderate and advanced bad bots that elude standard security defences — made up 65.6% of all bad bot traffic.

This type of bot uses the latest evasion techniques, including cycling through random IPs, entering through anonymous proxies, changing identities, and mimicking human behaviour to evade detection.

Bad bots enable high-speed abuse, misuse, and attacks on websites, mobile apps, and APIs. Successful attacks can lead to the theft of personal information, credit card data, and loyalty points.

The rise of bad bot traffic is occurring when organizations are investing in enhanced customer experiences online, including more digital services, new online functionality and the development of expansive API ecosystems.

These new features are ripe for attracting automated attacks by bad bots operators.

“Businesses cannot overlook the impact of malicious bot activity as it is contributing to more account compromise, higher infrastructure and support costs, customer churn, and degraded online services,” Imperva vice president, application security Ryan Windham said.

“With automated fraud growing in intensity and complexity, advanced bot protection is essential for preventing the growing threat digital businesses and consumers face from bad bots.”

Click here to sign up to Charged free daily email newsletter



Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.