Bad bot attacks are often the first indicator of fraudulent activity targeting your website. This activity may be overt, like validating stolen user credentials and credit card information to later be sold on the dark web or scraping proprietary data to gain a competitive advantage. Bot attacks may also be executed for stealthier activities like surveilling applications and APIs in an attempt to discover vulnerabilities or weak security. Online fraud from automated bot attacks is a clear threat to your business and presents a significant risk to your customers, business partners, and employees.
Account takeover (ATO) fraud is a hallmark goal of bad bot attacks. ATO fraud can result in customers being unable to access their online accounts and having sensitive personal information stolen from them. Bad bots mask themselves and attempt to interact with applications in the same way a legitimate user would, which makes them more difficult to detect and stop. They facilitate high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They enable bot operators, attackers, unsavory competitors, and fraudsters to carry out a staggering array of malicious activities against your digital assets.
These activities include web scraping, competitive data mining, personal and financial data harvesting, brute-force login, digital ad fraud, denial of service, denial of inventory, spam, transaction fraud, and more.
Bad bot attacks and the loss and pain they inflict are a worldwide scourge. To be sure, some countries are affected more than others. In this post, we’ll reveal the proportion of bad bot traffic for several nation states, tell you which countries are most frequently targeted, and offer recommendations on how to make your organization a hard target for bad bots – particularly if you live in a highly-targeted nation.
Here’s what the Imperva Threat Research team uncovered about the impact of bad bots on nation states:
Germany and Singapore endure the highest proportion of bad bot traffic
Examining the proportion of bad bot traffic by country reveals that several nations exceeded the global average of 27.7%. Germany and Singapore saw almost 40% of traffic originate from bad bots. The United States was also higher than the global average, with 29.1% bad bot traffic.
The United States and Australia were the most targeted countries
The United States was the leading target of bad bots in 2021 (43.1%), a slight increase over 2020 (37.2%). Australia was the second most attacked country by bad bots, targeted by 6.8% of all bad bot traffic. It was closely followed by the United Kingdom (6.7%) and China (5.2%).
Make your organization a hard target for bad bots and online fraud
Every site is targeted for different reasons, and usually by different methods, so no single answer will be effective for every organization. However, you can take proactive steps to address the problem today. If you are in one of the more heavily affected countries, you should start immediately. Here are eight recommendations for improving bad bot activity detection and automated fraud detection:
1. Better Risk Identification.
Stopping bot traffic begins with identifying potential risks to your website. Marketing and eCommerce campaigns bring more bots, for example when launching a limited-quantity, high-demand product. Whether it is a highly sought-after pair of sneakers, a new generation gaming console, or a limited-edition collectors’ item, announce a date and time for a coveted product launch, and bots will be there to get their hands on it first. Make sure that you are prepared to handle the high volume of traffic that is going to include a high ratio of evasive bots trying to scoop up the products and deny your customers access.
Improved understanding of the ways your site could become a target is key to a successful bot management strategy. Some website functionalities are highly exploitable by bad bots. Adding login functionality creates the opportunity for credential stuffing and credential cracking attacks. Adding a checkout form increases the chances of credit card fraud (carding/card cracking). Adding gift card functionality invites bots to commit fraud. Make sure that these pages have extra security measures and a more strict ruleset.
2. Reduce Vulnerability.
Protect exposed APIs and mobile apps — not just on your website — and share blocking information between systems. Protecting your website is only part of the solution; don’t forget about the other paths that lead to your web applications and data.
3. Threat Reduction.
Many of the bot tools and scripts contain user-agent strings with outdated browser versions. In contrast, humans are forced to auto-update their browsers to newer versions.
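The check described above, as an added Python example (not Imperva's code). The minimum versions in `MIN_MAJOR`, the `review_queue` helper and the sample requests are assumptions constructed for illustration; the User-Agent header is client-controlled, so treat the result as one signal for stricter handling rather than proof.

```python
import re

# Assumed policy: oldest major version still treated as current, per browser
# family. Placeholder numbers; derive real ones from your own traffic.
MIN_MAJOR = {"Chrome": 90, "Firefox": 88, "Safari": 14}

# Order matters: Chrome user agents also contain "Safari/".
PATTERNS = [
    ("Chrome", re.compile(r"Chrome/(\d+)")),
    ("Firefox", re.compile(r"Firefox/(\d+)")),
    ("Safari", re.compile(r"Version/(\d+)\S* .*Safari/")),
]

def classify_user_agent(ua):
    """Return (verdict, family, major); verdict is missing/unknown/outdated/current."""
    if not ua or not ua.strip():
        return ("missing", None, None)
    for family, pattern in PATTERNS:
        match = pattern.search(ua)
        if match:
            major = int(match.group(1))
            verdict = "outdated" if major < MIN_MAJOR[family] else "current"
            return (verdict, family, major)
    return ("unknown", None, None)

# Constructed sample requests: (source IP from documentation ranges, User-Agent).
SAMPLE_REQUESTS = [
    ("198.51.100.10", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                      "(KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36"),
    ("203.0.113.5", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 "
                    "(KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"),
    ("203.0.113.6", "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"),
    ("203.0.113.7", ""),
    ("203.0.113.8", "python-requests/2.27.1"),
    ("198.51.100.11", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 "
                      "(KHTML, like Gecko) Version/15.4 Safari/605.1.15"),
]

def review_queue(requests):
    """Requests whose user agent is missing, unrecognised or outdated."""
    results = [(ip,) + classify_user_agent(ua) for ip, ua in requests]
    return [row for row in results if row[1] != "current"]

if __name__ == "__main__":
    for row in review_queue(SAMPLE_REQUESTS):
        print(row)
```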
4. Proxy Services Threat Reduction.
Bad bots increasingly use proxy services to hide their attacks. Attackers do this to appear as human users by rotating bulk IP services in their requests. Not allowing access from bulk IP data centers will decrease the likelihood of botnet traffic. Examples of bot providers include Host Europe GMBH, Dedibox SAS, Digital Ocean, OVH SAS, and Choopa, LLC.
5. Evaluate Traffic.
Evaluating traffic for bots can be difficult without clear indicators of the traffic type. Bot traffic can be associated with high bounce rates or low conversion rates. Another strong indication of bots is unexplained traffic spikes or a high number of requests to a particular URL. Bots focusing on a specific event could explain a dramatic increase in traffic to a particular endpoint. Determine if there’s a clear source for the increased traffic levels. Such examples can be seen in an IP, ISP, or URL receiving more than average traffic levels.
6. Monitor Traffic.
On login pages, define your failed login attempt baseline, then monitor for anomalies or spikes. Set up alerts so you’re automatically notified if any occur. Advanced “low and slow” attacks don’t trigger user or session-level alerts, so be sure to set global thresholds. On checkout and gift card validation pages, an increase in failures, or even traffic, can be a signal of carding attacks or that bots such as GiftGhostBot are attempting to steal gift card balances.
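Why a global threshold is needed alongside per-source limits, as an added Python example (not Imperva's code). The events, the per-IP limit and the three-standard-deviation rule are constructed assumptions: each attacking source fails once per minute and never trips the per-IP limit, while the site-wide failure count clearly leaves the baseline.

```python
from collections import Counter
from statistics import mean, pstdev

PER_IP_LIMIT = 5   # assumed per-source failed-login limit per minute
SIGMA = 3          # assumed: alert above baseline mean + 3 standard deviations

def sample_events():
    """Constructed login events as (minute, source_ip, succeeded)."""
    events = []
    for minute in range(13):
        # Normal traffic: 40 users, three to five of whom mistype a password.
        typos = 3 + minute % 3
        for user in range(40):
            events.append((minute, f"198.51.100.{user}", user >= typos))
        # Minutes 10-12: distributed attempt, one failure per source per minute.
        if minute >= 10:
            for bot in range(60):
                events.append((minute, f"203.0.113.{bot}", False))
    return events

def failures_by_minute(events):
    """Site-wide failed logins per minute."""
    return Counter(minute for minute, _ip, ok in events if not ok)

def per_ip_alerts(events, limit=PER_IP_LIMIT):
    """(minute, ip) pairs whose failures exceed the per-source limit."""
    per_ip = Counter((minute, ip) for minute, ip, ok in events if not ok)
    return sorted(key for key, count in per_ip.items() if count > limit)

def global_alerts(events, baseline_minutes, sigma=SIGMA):
    """Return (threshold, minutes outside the baseline that exceed it)."""
    counts = failures_by_minute(events)
    baseline = [counts.get(m, 0) for m in baseline_minutes]
    # Floor the deviation at 1 so a very flat baseline does not alert on noise.
    threshold = mean(baseline) + sigma * max(pstdev(baseline), 1.0)
    observed = sorted({m for m, _ip, _ok in events} - set(baseline_minutes))
    return threshold, [m for m in observed if counts.get(m, 0) > threshold]

if __name__ == "__main__":
    events = sample_events()
    print("per-IP alerts:", per_ip_alerts(events))
    print("global alerts:", global_alerts(events, range(10)))
```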
Stay aware of data breaches and leaks occurring around the world. The ease of buying credential dumps from breaches and renting bot infrastructure to automate an attack has made this a very real risk. Bots will often use newly compromised credentials for stuffing attacks and ATO, as they are more likely to still be active, increasing the probability of compromising user accounts on your site.
8. Evaluate Bot Protection solutions.
In the early days of bot attacks, you could protect your site with a few tweaks and configurations to block bad bots. The data explored throughout this report shows that those days are long gone. Today’s bad actors are using bots for their ease of use and effectiveness. The tools used are constantly evolving, bot traffic patterns are difficult to detect, and their sources can shift frequently. In advanced bots, we are seeing attacks mimicking human behavior like never before. For these reasons, hackers widely choose bots to target your site, as their incentives are high with low risk. Today, it’s almost impossible to keep up with all of the threats on your own. Your defenses need to evolve as fast as the threats, and you need dedicated support from a team of experts.
Where to learn more
The 9th Annual Imperva Bad Bot Report is based on data collected from the Imperva global network throughout 2021. The data is composed of hundreds of billions of blocked bad bot requests, anonymized over thousands of domains. This report delivers meaningful information and guidance about the nature and impact of these automated threats. Download it here.