Human Security, a specialist in disrupting digital fraud with modern defenses, has newly released its 2023 Enterprise Bot Fraud Benchmark Report that analyzes bot attack trends such as account takeover, brute force, credential stuffing and others.
The report is based on data gathered from the Human Defense Platform, which verifies the "humanity" of more than 20 trillion digital interactions per week or 33 million every second.
Bad Bot Traffic Increases
Some key takeaways from the report include:
- Bad bot traffic overall increased even as people spent less time online. Legitimate human traffic dropped 28% year-over-year (YoY0, but bad bot traffic increased 102% YoY, meaning that the percentage of bad bots out of overall traffic has increased even faster.
- Automated attacks continued to grow. Web applications experienced a YoY increase in three common types of bot attacks. Carding attacks rose 134% YoY, account takeover attacks rose 108% YoY, and scraping rose 107% YoY.
- Certain industries experienced more bot attacks than others. Bad bots accounted for 57% of traffic to online businesses in the media and streaming industry. Just under 50% of traffic to companies in the travel and hospitality industry (49%) and the ticketing and entertainment industry (46%) was automated.
- Bad actors conducted more bot attacks during top shopping periods. The holiday shopping season drew more automated attacks than the rest of the year; the peak day (October 25) saw 199% more bad bot traffic than the yearly average.
- Enterprise attackers prefer to hide behind desktop devices, as 26% of malicious requests appeared to come from mobile, as compared to 61% of legitimate requests.
- Attackers will utilize anonymizing proxy servers to look like normal human traffic. More than 68% of worldwide malicious traffic came from U.S. proxy servers. That number drops to 47% when looking only at traffic to non-U.S. applications and grows to 75% for traffic to U.S. applications only.
More from Human
Human said that its stock in trade is leveraging modern defense to disrupt the economics of cybercrime by increasing the cost to cybercriminals while simultaneously reducing the cost of collective defense.
Commenting on how bot attacks are easy to launch, Gavin Reid, Human chief information security officer, said:
“It’s clear that bots are a pervasive threat. It is extremely easy for bad actors to conduct malicious bot attacks and fraud with minimal effort or risk.”