HUMAN Blog

Bringing Bad Bots to Light: The 2023 Enterprise Bot Fraud Benchmark Report

Written by Alexa Levine | April 24, 2023

HUMAN has released the 2023 Enterprise Bot Fraud Benchmark Report, which provides insights into automated attack trends across enterprise use cases. Read on for the top takeaways, or download the full report.

Internet visibility is the name of the game for stopping bad bots and online fraud. And HUMAN’s visibility is unmatched. HUMAN observes more than 20 trillion digital interactions each week across 3 billion devices worldwide. So, when it comes to activity on the internet, we’ve seen a thing or two…or 33 million interactions per second, to be exact.

Malicious bots like to hide in the shadows of the internet, but we’re here to bring them to light. Illuminating and observing automated attack patterns is the first step in combating this massive threat. With that in mind, we’ve released our annual Enterprise Bot Fraud Benchmark Report, which details automated attack patterns against enterprises across the web. Here are the key findings.

  • Bots have expanded their online presence

Bad bot traffic rose 102% YoY, even as legitimate human traffic decreased. As pandemic-era restrictions eased, people became less internet-dependent and shifted some activity offline. Despite this, bad bots continued to attack digital organizations in greater numbers. Web and mobile applications are treasure troves of value, and bots are an easy and cheap way to attack them at scale.

  • Bot operators hide behind faked devices and servers

Attackers almost always use proxy servers and fake user-agents to hide the true source of malicious requests. By faking the traffic source, bot operators can also better blend in with the crowd. For example, U.S. proxy servers account for 75% of requests to U.S. applications, but only 47% of requests to ex-U.S. applications. This shows that attackers often choose to mimic the source of legitimate traffic based on the region they are targeting.

  • Bot attacks are a persistent and growing threat

Web applications experienced a YoY increase in three common types of bot attacks: carding, account takeover, and scraping. Carding attacks grew 134% YoY, account takeover attacks grew 108% YoY, and scraping attacks grew 107% YoY.

Furthermore, all three saw attack types increased as the year went on. In the second half of 2022 as compared to the first half, carding attacks rose 161%, account takeover attacks rose 123%, and scraping attacks rose 112%.

Automated Fraud has a Material Impact

HUMAN’s Satori Threat Intelligence and Research Team has observed bots performing human-like behaviors, such as taking over accounts, making fraudulent purchases, scraping proprietary content, inflating engagement with media, and scalping hot products. Bot attacks, once considered an inevitable and relatively inconsequential type of online fraud, can now have a material impact on brand reputation and revenue.

The cost of letting bad bots and fraud go undetected is growing. At the same time, bots are becoming increasingly sophisticated and pervasive. Our data suggests that certain periods (such as concert ticket release days, Cyber Monday, and days surrounding political events) will always be high targets. However, other seemingly insignificant days are often prone to bot attacks as well. 

In the words of Gavin Reid, CISO at HUMAN, “It’s clear that bots are a pervasive threat. “It is extremely easy for bad actors to conduct malicious bot attacks and fraud with minimal effort or risk. This means that cybercriminals can take advantage of any event online, big or small, making all events open for attack."

Today, the ebb and flow of bot traffic is better described as just the flow and bigger flow. Bots are a persistent and growing threat, so digital organizations must have defenses in place all year round. And that’s where modern defense comes in.

Disrupting Online Fraud and Abuse with Modern Defense

Built on the three pillars of visibility, network effect, and disruptions and takedowns, modern defense is the fuel behind everything that HUMAN does. The strategy of modern defense powers the Human Defense Platform, an award-winning suite of security solutions that protect against digital attacks targeting exposed ad, web, mobile and API surfaces.

Modern defense allows HUMAN to stop sophisticated bot attacks and online fraud with unmatched speed, scale, and precision. 

  • Our unmatched visibility allows us to keep on the pulse of cyberthreats across the web, whether bot-driven or not. 
  • With our network effect, we share knowledge and deploy protections for all of our customers.
  •  We disrupt cybercrime with every mitigation action; we don't just block real-time threats, but execute a range of responses that increase the cost to bad actors and deter future attacks. 

Together, the pillars of modern defense enable HUMAN to disrupt the economics of cybercrime and deliver collective protection that combats tomorrow’s cybersecurity threats, today.

Read the 2023 Enterprise Bot Fraud Benchmark Report to see more bot trends, or contact us for a free bot risk assessment.