The 8th Annual Bad Bot Report is now available from Imperva. Created using data from Imperva’s Threat Research Lab, it provides a comprehensive look at the bad bot landscape and the impact that this malicious traffic has across multiple industries.
Bad bot traffic amounted to 25.6 percent of all website traffic in 2020. This means that a record-breaking quarter of all internet traffic originated from bad bots last year.
Key findings from the 2021 Bad Bot Report:
☐ Bad bot traffic now accounts for a quarter of all internet traffic. Increasing by 6.2 percent from the previous year, bad bot traffic now represents no less than a quarter of all internet traffic. Good bot traffic has risen 16 percent from last year, amounting to 15.2 percent of all traffic. Astoundingly, regardless of the increase in human traffic due to the global pandemic, human traffic decreased by 5.7 percent from last year to 59.2 of all traffic.
☐ Telecom and ISPs were hit the hardest by bad bots. The bad bot problem is a cross industry one. Due to the wide variety of nefarious activities bad bots are capable of, such as account takeover using credential stuffing, to scraping of proprietary data, Grinchbots and more, their targets are varied, too. The top 5 industries with the most bad bot traffic include Telecom & ISPs (45.7%), Computing & IT (41.1%), Sports (33.7%), News (33%), and Business Services (29.7%).
☐ Moderate and sophisticated bad bots still constitute the majority of bad bot traffic. Categorized as Advanced Persistent Bots or APBs, these accounted for 57.1 percent of bad bot traffic in 2020. These are plaguing websites and often avoid detection by cycling through random IP addresses, entering through anonymous proxies, changing their identities, and mimicking human behavior.
☐ Bad bots have taken a liking to mobile identities. While Chrome remains a favorite identity for bad bots to impersonate, its overall share significantly dropped in 2020. Mobile clients like Mobile Safari, Mobile Chrome and others accounted for 28.1 percent of all bad bot requests in 2020. This is a significant increase compared to last year’s 12.9 percent.
☐ Bad bots often originate from the same country they are targeting. The US, China and UK lead the list of countries from which most bad bot traffic originates as well as the list of countries subjected to the most attacks.
What are bad bots?
Bad bots interact with applications in the same way a legitimate user would, making them harder to detect and prevent. They enable high-speed abuse, misuse, and attacks on websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities. Such activities include web scraping, competitive data mining, personal and financial data harvesting, brute-force login, digital ad fraud, spam, transaction fraud, and more.
Get your copy of the Bad Bot Report 2021 and learn much more.
Get the latest from imperva
The latest news from our experts in the fast-changing world of application, data, and edge security.