A recent study by bot detection and response specialist Netacea has shed light on the extensive financial impact of malicious bot attacks on large companies, with Russia and China being the primary sources of these attacks. The research reveals that the average annualized cost per company due to these attacks has soared to $85.6 million, far surpassing the average ransomware payment of $1.5 million. These bot-related losses correspond to 4.3% of a company’s online income, measured against an average online revenue of $1.9 billion per company.
Despite being less publicized than major ransomware attacks and GDPR fines, these attacks, often termed “death by a billion bots,” have a severe cumulative effect, causing substantial financial losses and damaging the reputation and operations of online businesses.
In the sectors of travel, entertainment, ecommerce, financial services, and telecoms, a striking 72% of businesses have fallen victim to attacks originating in China, while 66% have experienced attacks from Russia. In total, more than half (53%) of all bot attacks originate from these two countries, with Russian threats increasing by 82% over the last two years.
The persistent attacks are akin to a “slow bleeding of wealth” from targeted organizations, as described by Rob Black, a Lecturer in Information Activities at Cranfield University. The success of these threat actors is attributed to evolving attack methods, with API-based incidents now reported by 40% of businesses.
Furthermore, bot operators employ various methods to siphon value from companies, with the top three attack types being Sniping, Credential Stuffing, and Scraping. These tactics lead to substantial financial losses; sniping, for example, impacts at least $260 million of annual online revenues for some companies.
Additionally, the targeting of mobile apps has now surpassed web-based attacks, further highlighting the evolving nature of these threats. As businesses face a growing number of these attacks, particularly in countries with limited law enforcement capabilities, it becomes increasingly crucial for them to bolster their defenses against malicious bots.