42.3% of Internet Traffic in 2021 Wasn't Human As Account Takeover and Online Fraud Increases
Imperva, Inc., (@Imperva) the comprehensive digital security leader on a mission to help organizations protect their data and all paths to it, releases the 2022 Imperva Bad Bot Report, the ninth annual in-depth analysis of bot traffic across the internet by Imperva Threat Research. Bad bots, software applications that run automated tasks with malicious intent, accounted for a record-setting 27.7% of all global website traffic in 2021, up from 25.6% in 2020. The three most common bot attacks were account takeover (ATO), content or price scraping, and scalping to obtain limited availability items.
Bad bots are often the first indicator of online fraud and represent a risk to digital businesses, as well as their customers. In 2021, evasive bad bots -- a grouping of moderate and advanced bad bots that elude standard security defenses -- made up 65.6% of all bad bot traffic. This breed of bot uses the latest evasion techniques, including cycling through random IPs, entering through anonymous proxies, changing identities, and mimicking human behavior to evade detection.
Bad bots enable high-speed abuse, misuse, and attacks on websites, mobile apps, and APIs. Successful attacks can lead to the theft of personal information, credit card data, and loyalty points. For organizations, automated abuse and online fraud contributes to non-compliance with data privacy and transaction regulations. Bad bot traffic is rising at a time when organizations are investing in improving customer experiences online. It's resulted in more digital services, new online functionality, and the development of expansive API ecosystems. Unfortunately, this array of new endpoints is a ripe target for automated attacks by bad bot operators.
"Businesses cannot overlook the impact of malicious bot activity as it is contributing to more account compromise, higher infrastructure and support costs, customer churn, and degraded online services," says Ryan Windham, Vice President, Application Security, Imperva. "With automated fraud growing in intensity and complexity, advanced bot protection is essential for preventing the growing threat digital businessesand consumers face from bad bots."
Key Findings from the 2022 Imperva Bad Bot Report:
Imperva Threat Research concludes that no industry was immune to bad bot activity in 2021. While examples of bots hoarding popular gaming consoles or clogging vaccine appointment scheduling sites made headlines in 2021, any level of bot traffic on a website can cause significant downtime, degrade performance, and reduce service reliability.
As online fraud evolves and attack tools become readily accessible to bad actors, traditional security tools become less effective. The Online Fraud Prevention solution from Imperva combines best-in-class application security products to mitigate bot activity, minimize the costs associated with fraud, and reduce compliance risk -- while contributing to improved customer experiences.
Imperva is the comprehensive digital security leader on a mission to help organizations protect their data and all paths to it. Only Imperva protects all digital experiences, from business logic to APIs, microservices, and the data layer, and from vulnerable, legacy environments to cloud-first organizations. Customers around the world trust Imperva to protect their applications, data, and websites from cyber attacks. With an integrated approach combining edge, application security, and data security, Imperva protects companies ranging from cloud-native start-ups to global multinationals with hybrid infrastructure. Imperva Threat Research and our global intelligence community keep Imperva ahead of the threat landscape and seamlessly integrate the latest security, privacy, and compliance expertise into our solutions.
© 2022 Imperva, Inc. All rights reserved. Imperva is a registered trademark of Imperva, Inc.