Annual report reveals continued surge in sophisticated bot attacks and their impact on organizations across industries
NEW YORK — (April 24, 2023) — HUMAN Security, Inc. — the global leader in protecting enterprises by disrupting digital fraud and abuse with modern defense — today announced the release of its 2023 Enterprise Bot Fraud Benchmark Report. The annual report provides insights into automated attack trends across enterprise use cases, including account takeover, brute forcing, carding, credential stuffing, inventory hoarding, scalping and web scraping.
Key takeaways from the report include:
- Bad bot traffic overall increased even as people spent less time online. Legitimate human traffic dropped 28% YoY, but bad bot traffic increased 102% YoY — meaning that the percentage of bad bots out of overall traffic has increased even faster.
- Automated attacks continued to grow. Web applications experienced a YoY increase in three common types of bot attacks. Carding attacks rose 134% YoY, account takeover attacks rose 108% YoY, and scraping rose 107% YoY.
- Certain industries experienced more bot attacks than others. Bad bots accounted for 57% of traffic to online businesses in the Media and Streaming industry. Just under 50% of traffic to companies in the Travel and Hospitality industry (49%) and the Ticketing and Entertainment industry (46%) was automated.
- Bad actors conducted more bot attacks during top shopping periods. The holiday shopping season drew more automated attacks than the rest of the year; the peak day (October 25) saw 199% more bad bot traffic than the yearly average.
- Enterprise attackers prefer to hide behind desktop devices. 25% of malicious requests appeared to come from mobile, as compared to 61% of legitimate requests.
- Attackers will utilize anonymizing proxy servers to look like normal human traffic. More than 68% of worldwide malicious traffic came from U.S. proxy servers. That number drops to 46% when looking only at traffic to non-U.S. applications, and grows to 75% for traffic to U.S. applications only.
“It’s clear that bots are a pervasive threat,” said HUMAN CISO Gavin Reid, “It is extremely easy for bad actors to conduct malicious bot attacks and fraud with minimal effort or risk.”
The report emphasizes why it is critical for companies to understand the full scope of the bot problem for their own organizations and customers. As cybercriminals continue to evolve and adapt, businesses must remain vigilant by taking proactive measures to protect their digital assets. Achieving this requires a comprehensive and collaborative approach leveraging the principles of modern defense and collective protection to tip the scales and win against attackers.
HUMAN’s annual Enterprise Bot Fraud Benchmark Report is based on data gathered from the Human Defense Platform, which verifies the humanity of more than 20 trillion digital interactions per week. That is 33 million every second. These unique insights empower organizations to better defend against bot attacks and fraud that pose significant risks to their revenue and brand reputation.
HUMAN is a registered trademark of HUMAN Security, Inc. To learn more about HUMAN’s solutions, please visit www.humansecurity.com.
HUMAN is a cybersecurity company that protects organizations by disrupting digital fraud and abuse. We leverage modern defense to disrupt the economics of cybercrime by increasing the cost to cybercriminals while simultaneously reducing the cost of collective defense. Today we verify the humanity of more than 20 trillion digital interactions per week across advertising, marketing, e-commerce, government, education and enterprise security, putting us in a position to win against cybercriminals. Protect your digital business with HUMAN. To Know Who’s Real, visit www.humansecurity.com.