Bots now make up nearly half of all internet traffic, and that's very bad news for our security

Data Breach
(Image credit: Shutterstock)

Bot traffic, and more specifically - bad bot traffic - is hitting new all-time highs, putting everyone’s cybersecurity at risk, new research has claimed.

The 2023 Imperva Bad Bot Report found that in 2022, almost half (47.4%) of all internet traffic came from bots, which is a 5.1% increase year-on-year. At the same time, the proportion of human traffic decreased to 52.6%, which is its lowest level in eight years.

Bot traffic is essentially any traffic to a website or an app that wasn’t done by a human. It is generally perceived as a good thing, as it’s essential for digital assistants, search engines, and similar. Bad bots can interact with internet applications the same way legitimate bots (or users) would, and are thus used to attack websites, mobile apps, and APIs, to run campaigns such as web scraping, data mining, brute-force attacks, DDoS, transaction fraud, and more.

Years of bot growth

In 2022, the volume of bad bot traffic rose by 2.5% and now makes up 30.2% of all traffic, Imperva says. The report also states that this is the fourth consecutive year of constant bad bot traffic growth. In fact, the 2022 figures were never seen before, and Imperva has been tracking this metric since 2013. 

Furthermore, bad bots are growing more sophisticated, and thus harder to spot. More than half (51.2%) of all bad bot traffic came from so-called “advanced” bots, up from 25.9% just a year ago.

“This is a concerning trend for businesses as advanced bad bots use the latest evasion techniques and closely mimic human behavior to evade detection by cycling through random IPs, entering through anonymous proxies, and changing identities,” the researchers conclude.

Most of the bad bot activity takes place in Germany, Ireland, Singapore, and the United States where, travel, retail, and financial service continue to experience an abnormally high volume of attacks.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.