The rise of malicious bot activity is fueling a significant surge in account takeover (ATO) attacks, according to the 2024 Imperva Bad Bot Report. With internet traffic associated with bots now constituting a third of the total, account takeover attempts have increased by 10% year-on-year. Notably, the share of bad bot traffic has grown proportionally, reaching an average of one-third of all internet traffic. These nefarious activities have a particularly strong presence in countries like Ireland, Germany, and Mexico. Financial services are among the worst-hit sectors, with ATO attempts accounting for a staggering 37% of all logins.
Furthermore, Imperva’s report highlights a concerning trend in the targeting of API endpoints by threat actors. Over 44% of ATO attacks now focus on these endpoints, offering a lucrative opportunity for attackers to access sensitive corporate and customer data. The gaming sector experiences the highest proportion of bad bot traffic, followed by retail, travel, and financial services. Notably, law and government websites face the greatest threat from advanced bad bots designed to mimic human behavior, posing significant challenges to defense mechanisms.
Nanhi Singh, General Manager of Application Security at Imperva, emphasizes the wide-ranging impact of malicious bots on online activities, including web scraping, spam, denial of service, and data exfiltration. Singh warns that as bots continue to proliferate, organizations must prioritize investments in bot management and API security tools to effectively mitigate the threat posed by automated malicious traffic.