Humans and bots share the internet nearly equally, with bots generating 49.6% of all web traffic in 2023. This represents a 2% increase from the previous year and the highest level recorded since Imperva began tracking bot activity in 2013.
The report’s findings align with the growing concern that much of online content is not human-generated, raising questions about the authenticity of online interactions.
A bot is a computer programme designed to autonomously execute tasks online, mirroring human actions. Typically programmed to browse websites and scour the internet for information, bots excel in speed and efficiency, effortlessly conducting repetitive searches and analysing vast data sets.
But not all bots are created equal. While some, like search engine crawlers, perform valuable tasks for businesses, a concerning trend is the rise of bots used for malicious purposes.
These bad bots now comprise 32% of all web traffic, up from 30.2% in 2022, costing businesses billions of dollars annually through website attacks and data breaches.
“Bots are one of the most pervasive and growing threats facing every industry,” says Nanhi Singh, general manager, application security at Imperva.
“From simple web scraping to malicious account takeover, spam and denial of service, bots negatively impact an organisation’s bottom line by degrading online services and requiring more investment in infrastructure and customer support.”
The Imperva report reveals that Ireland (71%), Germany (67.5%), and Mexico (42.8%) face a much bigger problem with bad bots compared to the global average. The US, while lower at 35.4%, still saw a concerning rise from 2022.
The rise of generative AI is linked to the increase in simple bots. These bots are often used to train AI models by scraping data from websites. The ease of use of this technology allows even non-technical users to create their own automated scripts, potentially adding to the bot traffic.
The consequences of bad bot activity are far-reaching. Imperva found a 10% increase in account takeovers (ATO) targeting login credentials to gain unauthorised access to user accounts.
Worryingly, nearly half (44%) of these attacks targeted API endpoints, highlighting a growing vulnerability in this area. The financial services industry was hit the hardest with ATO attacks, accounting for 36.8% of all compromised accounts. Travel and business services followed closely behind.
The report also explores how developers of bad bots are adapting their tactics. Mobile user agents and residential ISPs are increasingly used to disguise bot activity and make it appear like legitimate human traffic, making it harder for security systems to detect them.
The impact of bots is already being felt on major social media platforms like X.
A surge of automated accounts spamming pornography comments has plagued the platform, overwhelming its content moderation capabilities which were recently reduced by Elon Musk’s cost-cutting measures. Musk recently proposed charging users for posting and interacting as a potential solution to curb the proliferation of these bots.
The problem, however, extends beyond X. Similar issues with automated content flooding platforms like Facebook and TikTok highlight the growing challenge of maintaining a genuine online space.
Nanhi Singh anticipates the problem will intensify, with bots potentially becoming “omnipresent” in the near future. She says organisations need to be proactive by implementing bot management and security tools to mitigate automated threats and prevent account takeovers.
Wanda Parisien is a computing expert who navigates the vast landscape of hardware and software. With a focus on computer technology, software development, and industry trends, Wanda delivers informative content, tutorials, and analyses to keep readers updated on the latest in the world of computing.
