According to a new report by cybersecurity firm Imperva, bot traffic accounted for 47.4% of all internet traffic in 2022. This is a 5.1% increase from the previous year and the highest level since 2013. Meanwhile, human traffic decreased to 52.6%, its lowest level in eight years.
Bots are software applications that perform automated tasks on the internet. They can be useful for providing services such as search engines, digital assistants, and chatbots. However, not all bots are benign. Some bots are malicious and can harm our security and privacy by attacking websites, mobile apps, and APIs.
Bot traffic can be classified into two categories: good bots and bad bots. Good bots are those that perform legitimate and beneficial functions, such as indexing web pages for search engines or providing voice assistance for users. Bad bots are those that perform malicious and harmful activities, such as web scraping, data mining, brute-force attacks, DDoS attacks, transaction fraud, and more.
The report found that bad bot traffic rose by 2.5% in 2022 and made up 30.2% of all traffic. This is the fourth consecutive year of growth for bad bot traffic and the highest level ever recorded by Imperva. The report also revealed that bad bots are becoming more sophisticated and harder to detect. More than half (51.2%) of all bad bot traffic came from advanced bots that use evasion techniques and mimic human behavior.
Why Bad Bots are a Threat to All Web Users
The report identified Germany, Ireland, Singapore, and the United States as the countries with the highest levels of bad bot activity. The most targeted industries were travel, retail, and financial services.
These sectors are vulnerable to bad bots because they rely on online transactions, have valuable data, and face high competition. Bad bots pose a serious threat to our security and privacy because they can:
- Steal sensitive data such as personal information, credit card details, login credentials, and intellectual property.
- Manipulate online markets by inflating prices, creating fake reviews, generating click fraud, and skewing analytics.
- Disrupt online services by overwhelming servers, consuming bandwidth, slowing down performance, and causing downtime.
- Compromise online accounts by testing stolen credentials, hijacking sessions, or creating fake profiles.
“This is a concerning trend for businesses as advanced bad bots use the latest evasion techniques and closely mimic human behavior to evade detection by cycling through random IPs, entering through anonymous proxies, and changing identities,” the researchers say in a press release.
How to Stop Bad Bot Traffic
There is no easy solution to stop bot traffic because bots are constantly evolving and adapting to new defenses. Certainly, there is nothing that can be done by the end user as the issue is a backend problem. If you manage a website as an admin or control a server, there are steps you can take to reduce the impact of bot traffic on security and privacy:
- Use a reputable bot management solution that can identify and block malicious bots in real time.
- Implement strong authentication methods such as multi-factor authentication or CAPTCHA to prevent bots from accessing online accounts or forms.
- Monitor web traffic and analytics regularly to detect any anomalies or suspicious patterns.
- Educate ourselves and others about the risks of bot traffic and how to protect ourselves online.
Bot traffic is a growing problem that affects everyone who uses the internet. By being aware of the dangers of bot traffic and taking preventive measures, admins can help to make the internet a safer and more secure place for ourselves and others.
