Arkose Labs’ analysis of billions of bot attacks from January to September 2023 reveals a significant increase in malicious bots, constituting 73% of all internet traffic in Q3, 2023. These Bad Bots engage in activities like fake account creation, account takeovers, scraping, account management, and in-product abuse.
Notably, there has been a substantial rise in SMS toll fraud (2,141%), account management (160%), and fake account creation (23%) from Q2 to Q3. The sectors most targeted by Bad Bots include technology, gaming, social media, e-commerce, and financial services.
The prevalence of Bad Bots is expected to grow due to the availability of artificial intelligence (gen-AI) and the increasing professionalism of cybercriminals offering crime-as-a-service (CaaS). Intelligent bots, utilizing machine learning and AI, are adept at mimicking human behavior to evade detection, making them more effective at exploiting vulnerabilities in IoT devices, cloud services, and emerging technologies.
Scraping bots, responsible for gathering data and images from websites, have increased by 432% from Q1 to Q2, particularly targeting social media accounts and the travel and hospitality sectors. The rise of CaaS has altered the dynamics, making cyberattacks cheaper and more sophisticated, with criminals leveraging purpose-built products like scraping tools for fraudulent activities.
The connection between the rise of Bad Bots, the advent of gen-AI, and the growth of CaaS underscores the challenges faced by organizations in combating evolving cyber threats. The affordability and efficiency provided by CaaS enable a broader range of individuals to engage in cybercrime, with services openly offering tools designed for fraudulent activities.
As the volume of Bad Bots continues to increase, effective detection and mitigation strategies become crucial to limit their impact on businesses and users.