Bad Bots Drive 10% Annual Surge in Account Takeover Attacks

Internet traffic associated with malicious bots now accounts for a third of the total, driving a 10% year-on-year increase in account takeover attacks last year, according to Imperva.
The Thales-owned company's 2024 Imperva Bad Bot Report is a detailed analysis of automated bot traffic across the internet.
It revealed that bots - both good and bad - now account for roughly half of all traffic globally, up slightly from the year before.
The share of bad bot traffic grew by roughly the same percentage over the period.
Although on average it accounts for a third of internet traffic, the figure is significantly higher in Ireland, Germany and Mexico.
Thanks to this activity, ATO attempts now account for 11% of all logins, although the figure is significantly higher in financial services.
Imperva also recorded an increase in targeting of API endpoints, which offer a quick and relatively easy way for threat actors to reach sensitive corporate and customer data.
Over two-fifths of all ATO attacks are now aimed at these endpoints, compared to 35% in 2022.
Overall, bots accounted for 30% of all API attacks in 2023, 17% of which were designed to exploit business logic vulnerabilities.
Bad bot traffic originating from residential ISPs surged to 26%, according to Imperva.
The vendor claimed that threat actors are increasingly looking to mimic mobile browsing usage and combining it with residential or mobile ISP traffic to evade detection.
Overall, the gaming sector recorded the largest proportion of bad bot traffic, while retail, travel and financial services experienced the highest volume of bot attacks.
Law and government websites recorded the largest share of advanced bad bots designed to mimic human behavior and evade defenses - followed by the entertainment sector and financial services.
Nanhi Singh, general manager of application security at Imperva, warned that bots fuel a wide range of malicious online activity, including web scraping, ATO, spam, denial of service and data exfiltration.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 16 Apr 2024 18:13:05 +0000


Cyber News related to Bad Bots Drive 10% Annual Surge in Account Takeover Attacks

Bad Bots Drive 10% Annual Surge in Account Takeover Attacks - Internet traffic associated with malicious bots now accounts for a third of the total, driving a 10% year-on-year increase in account takeover attacks last year, according to Imperva. The Thales-owned company's 2024 Imperva Bad Bot Report is a ...
8 months ago Infosecurity-magazine.com
3 Ways to Use Real-Time Intelligence to Defeat Bots - These days, online businesses must grapple with their own version of the replicant dilemma, as they try to make it easy for their human customers to use their sites, while keeping out a new generation of human-like bots. Bots, of course, are hardly a ...
1 year ago Darkreading.com
How Kasada Counters Toll Fraud and Fake Account Creation for Enterprises - Toll fraud and fake account creation are two advanced threats that bad actors employ for massive profit. Fake Account Creation is committed by a wide range of attackers, through automating the generation of new user accounts en masse, which then get ...
1 year ago Securityboulevard.com
Why is the internet so busy? Bots - Then there's online shopping, banking, remote working, video conferencing and more, all passing through the internet, connecting us wherever we are. Even as internet usage grows, it makes up just a fraction of total online traffic. One recent report ...
11 months ago Pandasecurity.com
Web scraping is not just a security or fraud problem - Bots compose 42% of overall web traffic, and 65% of these bots are malicious, according to Akamai. Negative effects of scraper bots on business operations. Web scraping is not just a fraud or security problem, it is also a business problem. Scraper ...
5 months ago Helpnetsecurity.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Unraveling CAPTCHA: A Comprehensive Insight Into Its History, Applications, and Efficiency - History of CAPTCHA. The inception of CAPTCHA dates back to the late 1990s when researchers at Carnegie Mellon University led by Luis von Ahn, Manuel Blum, and others, sought a solution to prevent automated bots from infiltrating online platforms. In ...
11 months ago Feeds.dzone.com
Unlocking CAPTCHAs: Moving Beyond Deterrence to Detection - In the digital realm, CAPTCHA has long been viewed as a necessary annoyance, a tool employed to thwart automated bots and ensure that real human users can successfully interact with websites. A paradigm shift is underway in how we perceive CAPTCHA. ...
11 months ago Securityboulevard.com
Escalating cyber threats: Bots, fraud farms, and cryptojacking surge, urgently requiring attention - Organizations can't ignore the surge in malicious web links. Cybercriminals turn to ready-made bots for quick attacks. Bots and human fraud farms were responsible for billions of attacks in the H1 of 2023 and into Q3, according to Arkose Labs. These ...
11 months ago Helpnetsecurity.com
What Can Go Wrong with Bank Online Account Opening? - Online account opening is one of the most crucial functions for banks today. They pull out their driver's license and show it to the camera on the phone or on the PC. The bank checks some data and vets the driver's license and a new account is ...
1 year ago Securityboulevard.com
Bad bot traffic skyrockets across the web - Bad bots are automated programs designed with malicious intent to perform various activities on the internet, often causing harm to individuals, organizations, and online ecosystems. What makes them particularly dangerous is their ability to mimic ...
10 months ago Helpnetsecurity.com
Why Bot Management Should Be a Crucial Element of Your Marketing Strategy - Marketing teams need a comprehensive bot management solution to address the challenges posed by bot traffic and protect marketing analytics. Bot management is designed to protect marketing efforts from bot-generated invalid traffic by accurately and ...
7 months ago Imperva.com
Taylor Swift Bot Attack Highlights Need for Ticketmaster Protection - Taylor Swift fans were recently frustrated after being unable to purchase tickets for her world tour. Unfortunately, the struggle was the result of an organized bot attack, making the availability of tickets for the general public increasingly ...
1 year ago Hackread.com
Kasada Embraces Machine Learning to Reduce Bot Traffic - Kasada has updated its bot defense platform to add hundreds of sensors and machine learning algorithms that detect, in real-time, code that might otherwise bypass legacy approaches to detecting machine-generated traffic rather than that generated by ...
11 months ago Securityboulevard.com
$25M gone in 12 seconds! Brothers accused of Ethereum heist The Register - These transactions are grouped onto blocks that are chained together, hence the name. As the name suggests, validator bots attest that proposed blocks of Ethereum transactions are valid and send those blocks to a committee of fellow validators to ...
7 months ago Go.theregister.com
Saudi Arabia's National Cybersecurity Authority Announces the GCF Annual Meeting 2024 - Under the theme 'Advancing Collective Action in Cyberspace,' the event will unite thought leaders, decision makers and experts across the global Cyberspace community to bolster international cooperation, address shared challenges, enhance ...
9 months ago Darkreading.com
Guardians of Tomorrow: Arkose Labs Shares the Top 3 Cyber Threats for 2024 - Hosted by top executives at Arkose Labs, including CCO Patrice Boffa, CFO Frank Teruel, and CPO Ashish Jain, this crystal ball session explores forecasted cyber threats for enterprises in 2024, backed by real-world examples and threat analysis. With ...
11 months ago Securityboulevard.com
Splunk: AI isn't making spear phishing more effective - Despite increased concerns, AI tools won't give adversaries an advantage when it comes to sending effective phishing emails, according to new research by Splunk's Surge security research team. In a blog post Thursday, Tamara Chacon, security ...
1 year ago Techtarget.com
CSO's Guide: Water-Tight Account Security For Your Company - In today's escalating threat landscape, account takeover and credential compromise remain top attack vectors for data breaches. CSOs must mandate and implement robust account security to protect critical assets. This comprehensive guide examines ...
10 months ago Securityboulevard.com
A Single Cloud Compromise Can Feed an Army of AI Sex Bots – Krebs on Security - “Once initial access was obtained, they exfiltrated cloud credentials and gained access to the cloud environment, where they attempted to access local LLM models hosted by cloud providers: in this instance, a local Claude (v2/v3) LLM model from ...
2 months ago Krebsonsecurity.com
The Rise of DDoS Attacks in Q3, 2023: Are You Prepared? - The Indusface AppSec Q3, 2023 Report reveals a staggering 67% surge in DDoS attacks compared to the previous quarter, highlighting a concerning trend with profound impacts on various industries. Over 41% of websites have shown signs of DDoS attacks ...
11 months ago Cybersecuritynews.com
Google shares "fix" for deleted Google Drive files - Google says it identified and fixed a bug causing customer files added to Google Drive after April-May 2023 to disappear. The fix isn't working for all affected users. Once recovery is complete, you'll see a new folder on your desktop with the ...
1 year ago Bleepingcomputer.com
Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware - Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. BleepingComputer has learned there is more to this attack, with threat actors ...
9 months ago Bleepingcomputer.com
AWS Root vs IAM User: What to Know & When to Use Them - In Amazon Web Services, there are two different privileged accounts. One is defined as Root User and the other is defined as an IAM User. In this blog, I will break down the differences of an AWS Root User versus an IAM account, when to use one ...
1 year ago Beyondtrust.com
Surge of swatting attacks targets corporate executives and board members - At around 8:45 pm on February 1, 2023, a caller to the Groveland, Massachusetts, 911 emergency line told dispatchers that he harmed someone in a home on Marjorie Street in the upscale small town 34 miles north of Boston. The caller also said he would ...
1 year ago Csoonline.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)