Malicious Bots Account for 73% of All Internet Traffic

By Ava McKinneyOnline Safety

Malicious Bots Now Make Up 73% of Global Internet Traffic

According to a recent analysis by Arkose Labs, malicious bots are responsible for 73% of all internet traffic as of 2023. The study, which examined billions of bot activities from January to September 2023, found that while some bots perform useful functions like indexing the web, the majority are designed for harmful purposes.

Main Types of Malicious Bot Attacks

Researchers identified five primary categories of “bad bot” attacks:

  • Creating fake accounts
  • Account takeovers
  • Scraping data
  • Account management abuse
  • Product abuse (including testing stolen bank cards)

Compared to the previous quarter, these categories remained largely unchanged, except for a shift from product abuse to automated testing of stolen bank cards.

Rapid Growth in Certain Attack Types

The most significant increases in attacks were seen in:

  • SMS payment fraud (up 2,141%)
  • Account management abuse (up 160%)
  • Fake account creation (up 23%)

Industries Most Targeted by Bots

The top five industries targeted by bot attacks are:

  • Technology (76% of traffic is bot-related)
  • Gaming (29%)
  • Social media (46%)
  • E-commerce (65%)
  • Financial services (45%)

Human-Operated Bot Farms on the Rise

When bots fail to achieve their goals, criminals increasingly turn to human-operated farms. In the first half of 2023, over 3 billion attacks were carried out using such farms, primarily located in Brazil, India, Russia, Vietnam, and the Philippines.

Why Malicious Bot Activity Is Growing

Researchers predict that the number of malicious bots will continue to rise due to two main factors:

  • The emergence and widespread availability of artificial intelligence
  • The increasing professionalism of criminals, fueled by the growth of “crime-as-a-service” (CaaS) offerings

There are even websites and software with corporate support specifically designed for criminal use, often appearing as legitimate businesses. This shift has made attacks cheaper and more sophisticated, as they are now carried out by organized teams rather than individual cybercriminals.

“Smart” Bots and Advanced Threats

From the first to the second quarter of 2023, traffic from “smart” bots nearly quadrupled. These bots use advanced technologies like machine learning and AI to mimic human behavior and evade detection, targeting vulnerabilities in IoT devices, cloud services, and emerging technologies.

Data Scraping Bots Surge

The number of bots collecting data and images from websites jumped by 432% between the first and second quarters of 2023. Social media account scraping, in particular, enables criminals to gather personal data for large-scale, convincing phishing attacks, often enhanced by AI.

How to Combat Malicious Bots

The report’s authors believe the only solution is to improve the detection of malicious bots and reduce their effectiveness, thereby limiting their access to human or system targets. If these attacks become unprofitable, criminals are likely to abandon them.

Leave a Reply