Key Lessons from the 2023 Bad Bot Report

Imperva
SecTor

By Erez Hasson, Product Marketing Manager


The 2023 Imperva Bad Bot Report, the 10th edition of the annual report, looks at the latest statistics and trends from the past year, providing meaningful information and guidance about the nature and impact of bots. Download the full report at www.imperva.com/resources/resource-library/reports/2023-imperva-bad-bot-report

The report covers the evolution of malicious automation, including data about the trend of bot traffic throughout the past decade, as well as some of the biggest stories from previous bad bot reports. These statistics and stories have shaped the bad bot threat landscape as we know it today.

Drawing on Imperva's more than 12 years of experience fighting bad bots as a leader in bot management, this report also takes a retrospective look at bots over the past decade.

Bot traffic in 2022: a significant increase

In 2022, nearly half (47.4%) of all internet traffic came from bots, a 5.1% increase over the previous year.

Key findings from the 2023 Imperva Bad Bot Report:

Four years of rising bad bot traffic levels
30.2% of the internet traffic in 2022 was bad bots, a 2.5% increase from 27.2% in 2021. Good bot traffic levels increased too, accounting for 17.3% of traffic. While the name might suggest that they are no cause for concern, good bots can mean trouble. They skew web and marketing analytics, making it extremely difficult for organizations to make informed business decisions.

Bad bot sophistication continues to rise
In 2022, evasive bad bots accounted for 66.6% of all bad bot traffic – a slight increase from the previous year (65.5%). This is a concerning trend for businesses: evasive bad bots use the latest evasion techniques and closely mimic human behavior, evading detection by cycling through random IPs, entering through anonymous proxies, and changing identities.

APIs are a prime target for bad bots in 2022
17% of all attacks on APIs were from bad bots abusing business logic, and 21% were other types of automated threats. A business logic attack exploits flaws in the design and implementation of an API or application with the intent of manipulating legitimate functionality to steal sensitive data or illegally gain access to accounts.

Growth in Account Takeover attacks: A consequence of data breaches
Account takeover attacks grew by 155% between 2021 and 2022. During Q3 2022, Imperva observed a direct correlation between data breaches and account takeover attacks. A reported 70% rise in data breaches across the globe corresponded to a 40% increase in account takeover attacks. This correlation results from attackers' attempts to use leaked credentials from disclosed data breaches.

Bad bots: a universal problem across industries and functions
Travel (24.7%), Retail (21%), and Financial Services (12.7%) experienced the highest volume of bot attacks. Meanwhile, Healthcare and Law & Government experienced a considerable jump in the volume of bad bot attacks in 2022.
