Bad bot traffic overall increased even as people spent less time online
HUMAN Security, Inc. the global leader in protecting enterprises by disrupting digital fraud and abuse with modern defence — today announced the release of its 2023 Enterprise Bot Fraud Benchmark Report. The annual report provides insights into automated attack trends across enterprise use cases, including account takeover, brute forcing, carding, credential stuffing, inventory hoarding, scalping and web scraping.
Key takeaways from the report include:
- Bad bot traffic overall increased even as people spent less time online. Legitimate human traffic dropped 28 per cent YoY, but bad bot traffic increased 102 per cent YoY — meaning that the percentage of bad bots out of overall traffic has increased even faster.
- Automated attacks continued to grow. Web applications experienced a YoY increase in three common types of bot attacks. Carding attacks rose 134 per cent YoY, account takeover attacks rose 108 per cent YoY, and scraping rose 107 per cent YoY.
- Certain industries experienced more bot attacks than others. Bad bots accounted for 57 per cent of traffic to online businesses in the Media and Streaming industry. Just under 50 per cent of traffic to companies in the Travel and Hospitality industry (49 per cent) and the Ticketing and Entertainment industry (46 per cent) was automated.
- Bad actors conducted more bot attacks during top shopping periods. The holiday shopping season drew more automated attacks than the rest of the year; the peak day (October 25) saw 199 per cent more bad bot traffic than the yearly average.
- Enterprise attackers prefer to hide behind desktop devices. 25.7 per cent of malicious requests appeared to come from mobile, as compared to 61 per cent of legitimate requests.
- Attackers will utilize anonymizing proxy servers to look like normal human traffic. More than 68 per cent of worldwide malicious traffic came from U.S. proxy servers. That number drops to 47 per cent when looking only at traffic to non-U.S. applications and grows to 75 per cent for traffic to U.S. applications only.
“It’s clear that bots are a pervasive threat,” said HUMAN CISO Gavin Reid, “It is extremely easy for bad actors to conduct malicious bot attacks and fraud with minimal effort or risk.”
The report emphasizes why it is critical for companies to understand the full scope of the bot problem for their own organizations and customers. As cyber criminals continue to evolve and adapt, businesses must remain vigilant by taking proactive measures to protect their assets. Achieving this requires a comprehensive and collaborative approach leveraging the principles of modern defence and collective protection to tip the scales and win against attackers.
HUMAN’s annual Enterprise Bot Fraud Benchmark Report is based on data gathered from the Human Defence Platform, which verifies the humanity of more than 20 trillion digital interactions per week. That is 33 million every second. These unique insights empower organizations to better defend against bot attacks and fraud that pose significant risks to their revenue and brand reputation.