Bot traffic reached a new high in 2020

Bad Bots
(Image credit: Gonin / Shutterstock)

The cybersecurity firm Imperva has released the latest edition of its annual Bad Bots Report revealing that last year saw the highest percentage of bad bot traffic since the report's inception back in 2014.

In 2020, bad bots accounted for 25.6 percent of all bot traffic online while traffic from humans fell by 5.7 percent. Bots are also growing in scale and having a wider impact on user's daily lives as more than 40 percent of all web traffic originated from a bot last year.

Of the bad bot traffic observed by Imperva last year, advanced persistent bots accounted for 57.1 percent. As these bots closely mimic human behavior and are harder to detect, they are responsible for high-speed abuse, misuse and attacks on websites, mobile apps and APIs. 

Advanced Persistent Bots also present a challenge for organizations that want to mitigate downtime, reduce bandwidth consumption and improve experiences for their legitimate human customers while also wreaking havoc for online businesses through price scraping, content scraping, account creation, account takeover, fraud, denial of service and denial of industry.

Bad bots

Last year telecoms and internet service providers (ISPs) experienced the highest proportion of overall bot traffic at 45.7 percent. At the same time though, the travel industry saw the greatest percentage of sophisticated bot traffic (59.7%) while government sites also saw an increase with bots involved in account takeover and data scraping of business registration listings and voter registration.

Cybercriminals took advantage of the global pandemic to launch a wide variety of cyberattacks on businesses and individuals but the one of the ways in which they did this was through scalper bots. Throughout 2020, scalper bots were used to hoard large inventories of face masks, cleaning supplies, home workout equipment and more. Once the Covid-19 vaccine became available though, scalpers also used bad bots to target vaccine appointment sites and disrupt their supply chains to make it harder for legitimate users to schedule vaccine appointments.

The launch of Sony's PlayStation 5 and Microsoft's Xbox Series X was another big opportunity for scalpers who used bad bots to hoard gaming hardware. This was also the case with graphics cards and other PC parts which became especially difficult to purchase during the pandemic.

In a press release announcing the findings of its Bad Bots Report 2021, director of strategy and application security at Imperva, Edward Roberts provided further insight on what can happen if bots go unchecked online, saying:

“As we’ve monitored over the past eight years, bad bots continue to ravage the Internet, while attack characteristics are becoming more advanced and nuanced over time. Throughout the past year and during a global pandemic, bad bots have thrived by targeting new markets and the impacts are now felt by everyday consumers. The Grinch Bot disruption to the gaming hardware industry in late 2020 is one example of what happens when bots go unchecked and cause denial of inventory. Bad bots must be a top concern for businesses and security practitioners in 2021 as the problem is likely to grow. Organizations must take proactive action to secure their websites, applications and APIs from these threats as bots are increasingly involved in fraudulent activity that can be a source of reputational and financial damage.”

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.