THALES
16.4.2024 09:01:32 CEST | Business Wire | Press release
Thales, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, today announced the release of the 2024 Imperva Bad Bot Report, a global analysis of automated bot traffic across the internet. Nearly half (49.6%) of all internet traffic came from bots in 2023—a 2% increase over the previous year, and the highest level Imperva has reported since it began monitoring automated traffic in 2013.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240416225637/en/
©Thales
For the fifth consecutive year, the proportion of web traffic associated with bad bots grew to 32% in 2023, up from 30.2% in 2022, while traffic from human users decreased to 50.4%. Automated traffic is costing organizations billions (USD) annually due to attacks on websites, APIs, and applications.
“Bots are one of the most pervasive and growing threats facing every industry,” says Nanhi Singh, General Manager, Application Security at Imperva, a Thales company. “From simple web scraping to malicious account takeover, spam, and denial of service, bots negatively impact an organization’s bottom line by degrading online services and requiring more investment in infrastructure and customer support. Organizations must proactively address the threat of bad bots as attackers sharpen their focus on API-related abuses that can lead to account compromise or data exfiltration.”
Key trends identified in the 2024 Imperva Bad Bot Report include:
- Global average of bad bot traffic reached 32%: Ireland (71%), Germany (67.5%), and Mexico (42.8%), saw the highest levels of bad bot traffic in 2023. The US also saw a slightly higher ratio of bad bot traffic at 35.4% compared to 2022 (32.1%).
- Growing use of generative AI connected to the rise in simple bots: Rapid adoption of generative AI and large language models (LLMs) resulted in the volume of simple bots increasing to 39.6% in 2023, up from 33.4% in 2022. The technology uses web scraping bots and automated crawlers to feed training models, while enabling nontechnical users to write automated scripts for their own use.
- Account takeover is a persistent business risk: Account takeover (ATO) attacks increased 10% in 2023, compared to the same period in the prior year. Notably, 44% of all ATO attacks targeted API endpoints, compared to 35% in 2022. Of all login attempts across the internet, 11% were associated with account takeover. The industries that saw the highest volume of ATO attacks in 2023 were Financial Services (36.8%), Travel (11.5%), and Business Services (8%).
- APIs are a popular vector for attack: Automated threats caused a significant 30% of API attacks in 2023. Among them, 17% were bad bots exploiting business logic vulnerabilities—a flaw within the API’s design and implementation that allows attackers to manipulate legitimate functionality and gain access to sensitive data or user accounts. Cybercriminals use automated bots to find and exploit APIs, which act as a direct pathway to sensitive data, making them a prime target for business logic abuse.
- Every industry has a bot problem: For a second consecutive year, Gaming (57.2%) saw the largest proportion of bad bot traffic. Meanwhile, Retail (24.4%), Travel (20.7%), and Financial Services (15.7%) experienced the highest volume of bot attacks. The proportion of advanced bad bots, those that closely mimic human behavior and evade defenses, was highest on Law & Government (75.8%), Entertainment (70.8%), and Financial Services (67.1%) websites.
- Bad bot traffic originating from residential ISPs grows to 25.8%: Early bad bot evasion techniques relied on masquerading as a user agent (browser) commonly used by legitimate human users. Bad bots masquerading as mobile user agents accounted for 44.8% of all bad bot traffic in the past year, up from 28.1% just five years ago. Sophisticated actors combine mobile user agents with the use of residential or mobile ISPs. Residential proxies allow bot operators to evade detection by making it appear as if the origin of the traffic is a legitimate, ISP-assigned residential IP address.
“Automated bots will soon surpass the proportion of internet traffic coming from humans, changing the way that organizations approach building and protecting their websites and applications,” continued Singh. “As more AI-enabled tools are introduced, bots will become omnipresent. Organizations must invest in bot management and API security tools to manage the threat from malicious, automated traffic.”
Additional Information:
- Download a copy of the 2024 Imperva Bad Bot Report for additional insights.
- See how Imperva Advanced Bot Protection, API Security, and Client-Side Protection can protect websites, mobile applications, and APIs from automated attacks and fraud without affecting the flow of business-critical traffic.
- Read the Imperva Blog for the latest product and solution news, and threat intelligence from Imperva Threat Research.
About Thales
Thales (Euronext Paris: HO) is a global leader in advanced technologies within three domains: Defence & Security, Aeronautics & Space, and Digital Identity & Security. It develops products and solutions that help make the world safer, greener and more inclusive.
The Group invests close to €4 billion a year in Research & Development, particularly in key areas such as quantum technologies, Edge computing, 6G and cybersecurity.
Thales has 81,000* employees in 68 countries. In 2023, the Group generated sales of €18.4 billion.
* These figures exclude the ground transportation business, which is being divested
PLEASE VISIT
Cloud Protection & Licensing Solutions | Thales Group
Cybersecurity Solutions | Thales Group
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240416225637/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
MSCI Announces the Results of the MSCI 2026 Market Classification Review23.6.2026 23:42:00 CEST | Press release
MSCI released the results of the MSCI 2026 Market Classification Review. Key takeaways from this year's review include: Reclassification of Bulgaria from Standalone to Frontier Market status Assessment of shareholder transparency and coordinated trading concerns in the Indonesian and Turkish equity markets, acknowledging the announced steps undertaken by both markets to address these matters and noting the continued potential for future consultations on the appropriate treatment of these markets if credible progress is not observed Acknowledgement of the removal of floor prices in Bangladesh, with a caution that any reintroduction could prompt a consultation on reclassification from Frontier to Standalone Market status Ongoing monitoring of the implementation of measures aimed at improving the accessibility of the Korean equity market for international institutional investors Reminder on the reclassification of Greece from Emerging to Developed Market status at the May 2027 Index Revie
Elliptic Intelligence Used by the FBI in Action Against Huione, the $134 Billion Criminal Marketplace and Money Laundering Operation23.6.2026 23:28:00 CEST | Press release
Elliptic, the global leader in digital asset decisioning, today announced that its intelligence was used by the Federal Bureau of Investigation in today's action against the operators of Huione Group. The Justice Department announced the seizure of a cloud computing account used by subsidiaries of the Huione Group, a Cambodia-based corporate conglomerate. First exposed by Elliptic in July 2024, Huione Guarantee was a Telegram-based marketplace serving online fraudsters across Southeast Asia. Merchants sold money laundering services, stolen personal data, websites and other goods and services necessary to perpetrate so-called “pig-butchering” scams and other online fraud., By the time Huione was forced offline, it had received more than $31 billion in cryptoasset transactions, making it the largest illicit online marketplace ever recorded, more than 25 times larger than Silk Road and AlphaBay combined. Huione Group’s payments arm, Huione Pay, was also implicated in the laundering of pro
Rockwell Automation Site Named a World Economic Forum Global Lighthouse23.6.2026 23:13:00 CEST | Press release
Recognition highlights advanced manufacturing capabilities at Rockwell’s Singapore facility and the company’s role in scaling AI-driven transformation Rockwell Automation, Inc. (NYSE: ROK), the world’s largest company dedicated to industrial automation and digital transformation, today announced its Singapore manufacturing facility has been named a member of the Global Lighthouse Network by the World Economic Forum (WEF). The designation recognizes this facility for applying advanced technologies at scale to deliver measurable improvements in productivity, quality and workforce enablement. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260623794856/en/ Rockwell Automation Site Named a World Economic Forum Global Lighthouse Rockwell’s Singapore site was recognized with distinction in the productivity category, reflecting its transformation into a highly flexible, data-driven operation. By deploying more than 50 digital and AI
NIKE, Inc. Announces Planned CFO Transition23.6.2026 22:17:00 CEST | Press release
David M. Denton named incoming Chief Financial Officer NIKE, Inc. (NYSE:NKE) today announced that David M. Denton will join the company as Executive Vice President and Chief Financial Officer, effective August 17. Matthew Friend will step down as Executive Vice President and Chief Financial Officer at that time and remain with the company through September 4 to support an orderly transition. Friend will participate in the company’s fourth quarter fiscal 2026 earnings call on June 30, as planned. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260623328558/en/ David M. Denton | Incoming Executive Vice President & Chief Financial Officer, NIKE, Inc. Denton will lead Nike’s global finance organization, partnering with President and Chief Executive Officer Elliott Hill and the Senior Leadership Team to support disciplined execution, capital allocation, and long-term value creation. “Dave is a proven public-company CFO who knows h
Grid Dynamics Hosted XT26, Convening Capital Markets Technology Leaders on the Volatility of AI in Financial Services23.6.2026 22:05:00 CEST | Press release
Key Takeaways: Grid Dynamics hosted XT26, an invite-only forum focused on the volatility of AI in financial services. XT26 attendees and speakers included over 250 senior technology leaders from global financial institutions such as Bank of America, Citi, HSBC, UBS, JP Morgan, Morgan Stanley, and others. Grid Dynamics Holdings, Inc. (Nasdaq: GDYN) (“Grid Dynamics”), a premier AI transformation partner for the Fortune 1000, hosted XT26. The invite-only conference convened over 250 senior technology leaders from banking, hedge funds, and capital markets at Tower Hill, London. Now in its 10th year, the XT conference series has grown into one of financial services engineering's most respected peer forums in London, built on a single premise: pure thought leadership grounded in real-world experience, with no sales pitches, and no vendor presentations. Just practitioners who are actually doing the work. This press release features multimedia. View the full release here: https://www.businessw
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom