cyware: Bad Bots Drive 10% Annual Surge in Account Takeover Attacks

Summary: Malicious bots now account for a third of internet traffic, leading to an increase in account takeover attacks, according to Imperva’s Bad Bot Report. The report also highlights the targeting of API endpoints and the use of residential ISPs by threat actors to evade detection.

Threat Actor: Malicious bots
Victim: Internet users and organizations

Key Points:

  • Malicious bots account for a third (32%) of internet traffic, leading to a 10% increase in account takeover attacks.
  • API endpoints are increasingly targeted by threat actors, with 44% of all account takeover attacks aimed at these endpoints.
  • Bad bot traffic originating from residential ISPs has surged to 26%, as threat actors mimic mobile browsing usage to evade detection.
  • The gaming sector experiences the largest proportion of bad bot traffic, while law and government websites have the highest share of advanced bad bots.
  • Organizations must invest in bot management and API security tools to protect against the threat from malicious bots.

Internet traffic associated with malicious bots now accounts for a third (32%) of the total, driving a 10% year-on-year (YoY) increase in account takeover (ATO) attacks last year, according to Imperva.

The Thales-owned company’s 2024 Imperva Bad Bot Report is a detailed analysis of automated bot traffic across the internet. It revealed that bots – both good and bad – now account for roughly half (49.6%) of all traffic globally, up slightly (2%) from the year before.

The share of bad bot traffic grew by roughly the same percentage over the period. Although on average it accounts for a third of internet traffic, the figure is significantly higher in Ireland (71%), Germany (68%) and Mexico (43%).

Thanks to this activity, ATO attempts now account for 11% of all logins, although the figure is significantly higher in financial services (37%).

Imperva also recorded an increase in targeting of API endpoints, which offer a quick and relatively easy way for threat actors to reach sensitive corporate and customer data. Over two-fifths (44%) of all ATO attacks are now aimed at these endpoints, compared to 35% in 2022.

Overall, bots accounted for 30% of all API attacks in 2023, 17% of which were designed to exploit business logic vulnerabilities.

Bad bot traffic originating from residential ISPs surged to 26%, according to Imperva. The vendor claimed that threat actors are increasingly looking to mimic mobile browsing usage and combining it with residential or mobile ISP traffic to evade detection.
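The residential-ISP shift described above and the API-endpoint targeting figures a few paragraphs earlier point at the same defensive problem: when stuffing traffic arrives from thousands of residential or mobile addresses with one or two attempts each, per-IP rate limits and datacenter-ASN blocklists stop firing. The script below is an added example, not code from Imperva or from the article, and runs two complementary detectors over a constructed login log: a source-centric rule (one IP, many distinct accounts, mostly failures) that catches the classic datacenter pattern, and an account-centric rule (one account, many distinct IPs in a short window) that still catches the distributed residential pattern. The log format, the `asn_type` column (assumed to come from an ASN/IP-intelligence enrichment step) and the thresholds are assumptions for illustration.

```python
"""Credential-stuffing / ATO detection over a login log (added example).

Signal 1 (source-centric): one source IP tries many distinct accounts
with a high failure ratio inside a short window.
Signal 2 (account-centric): one account is attempted from many distinct
source IPs inside a short window. This is the one that survives when the
attacker spreads low-volume attempts across residential proxies.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not real traffic. Columns:
# ts src_ip asn_type path user http_status
# asn_type is assumed to be filled in by an enrichment step (hypothetical).
SAMPLE_LOG = [
    "2024-04-16T10:00:01Z 203.0.113.10 datacenter /api/v1/login amy 401",
    "2024-04-16T10:00:02Z 203.0.113.10 datacenter /api/v1/login ben 401",
    "2024-04-16T10:00:03Z 203.0.113.10 datacenter /api/v1/login cal 401",
    "2024-04-16T10:00:04Z 203.0.113.10 datacenter /api/v1/login dee 401",
    "2024-04-16T10:00:05Z 203.0.113.10 datacenter /api/v1/login eve 401",
    "2024-04-16T10:00:06Z 203.0.113.10 datacenter /api/v1/login fay 401",
    "2024-04-16T10:00:07Z 203.0.113.10 datacenter /api/v1/login gus 401",
    "2024-04-16T10:00:08Z 203.0.113.10 datacenter /api/v1/login hal 200",
    # distributed stuffing against one account: one attempt per residential IP
    "2024-04-16T10:01:00Z 198.51.100.21 residential /api/v1/login bob 401",
    "2024-04-16T10:01:40Z 198.51.100.22 residential /api/v1/login bob 401",
    "2024-04-16T10:02:15Z 198.51.100.23 residential /api/v1/login bob 401",
    "2024-04-16T10:02:50Z 198.51.100.24 residential /api/v1/login bob 401",
    "2024-04-16T10:03:30Z 198.51.100.25 residential /api/v1/login bob 401",
    "2024-04-16T10:04:10Z 198.51.100.26 residential /api/v1/login bob 200",
    # a legitimate user who mistypes a password once
    "2024-04-16T10:02:00Z 192.0.2.5 residential /login carol 401",
    "2024-04-16T10:02:20Z 192.0.2.5 residential /login carol 200",
]

WINDOW = timedelta(minutes=10)


def parse_line(line):
    """Turn one space-separated log line into an event dict."""
    ts, ip, asn_type, path, user, status = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ip": ip,
        "asn_type": asn_type,
        "path": path,
        "user": user,
        "ok": status == "200",
    }


def _windows(events, window):
    """Yield sliding windows [start, start + window] over time-sorted events."""
    evs = sorted(events, key=lambda e: e["ts"])
    for i, start in enumerate(evs):
        yield [e for e in evs[i:] if e["ts"] - start["ts"] <= window]


def detect_source_stuffing(events, min_users=5, min_fail_ratio=0.8, window=WINDOW):
    """Flag source IPs that spray many accounts with mostly failed logins."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    hits = {}
    for ip, evs in by_ip.items():
        for win in _windows(evs, window):
            users = {e["user"] for e in win}
            failures = sum(1 for e in win if not e["ok"])
            if len(users) >= min_users and failures / len(win) >= min_fail_ratio:
                hits[ip] = {"distinct_users": len(users), "attempts": len(win),
                            "failures": failures, "asn_type": win[0]["asn_type"]}
                break  # one finding per source is enough
    return hits


def detect_distributed_stuffing(events, min_ips=5, window=WINDOW):
    """Flag accounts attempted from many distinct IPs in a short window.

    Per-IP volume can be 1, so this catches what source-centric rules miss
    when the attacker rotates through residential or mobile addresses.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    hits = {}
    for user, evs in by_user.items():
        for win in _windows(evs, window):
            ips = {e["ip"] for e in win}
            if len(ips) >= min_ips:
                residential = sum(1 for e in win if e["asn_type"] == "residential")
                hits[user] = {"distinct_ips": len(ips), "attempts": len(win),
                              "residential_attempts": residential,
                              "succeeded": any(e["ok"] for e in win),
                              "paths": sorted({e["path"] for e in win})}
                break
    return hits


def analyse(lines):
    """Run both detectors over raw log lines."""
    events = [parse_line(l) for l in lines]
    return {"by_source": detect_source_stuffing(events),
            "by_account": detect_distributed_stuffing(events)}


if __name__ == "__main__":
    for kind, findings in analyse(SAMPLE_LOG).items():
        print(kind, findings)
```

On the sample data the datacenter source is caught by the first rule alone, while the six residential addresses each make a single attempt and never trip a per-IP threshold; only the account-centric rule surfaces that `bob` was hit from six IPs and that the last attempt succeeded, which is the case that warrants a password reset and session revocation rather than an IP block.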

Overall, the gaming sector (57%) recorded the largest proportion of bad bot traffic, while retail (24%), travel (21%) and financial services (16%) experienced the highest volume of bot attacks.

Meanwhile, law and government websites (76%) recorded the largest share of advanced bad bots designed to mimic human behavior and evade defenses – followed by the entertainment sector (71%) and financial services (67%).

Nanhi Singh, general manager of application security at Imperva, warned that bots fuel a wide range of malicious online activity, including web scraping, ATO, spam, denial of service and data exfiltration.

“Automated bots will soon surpass the proportion of internet traffic coming from humans, changing the way that organizations approach building and protecting their websites and applications,” Singh added.

“As more AI-enabled tools are introduced, bots will become omnipresent. Organizations must invest in bot management and API security tools to manage the threat from malicious, automated traffic.”

Source: https://www.infosecurity-magazine.com/news/bad-bots-10-surge-account-takeover/