Every second person online is a bot – new report

  • A new cybersecurity study found that 49.6 percent of all global traffic is now being generated by bots.
  • Not only is this a problem for users online trying to find genuine humans, but also presents significant security risks for companies going forward.
  • Bad bots can be used to steal user information and access company APIs, and they’re only getting smarter.

As if the Dead Internet theory needed any more credence, a new report from cybersecurity firm Thales has found that half of all online traffic generated in 2024 was done so by bots.

This was found in the 2024 Imperva Bad Bot Report, which indicates that 49.6 percent of all global traffic activity was generated by bots – automated software created to fulfil different purposes on the internet. It means that nearly every second person who visits any online site around the world is not a person at all, but a bot.

Since 2023, the number of bots online increased 2 percent into 2024. In fact, a security brief of the report states that web traffic from bots has increased year on year since 2022. “This rising automated traffic trend is costing businesses billions of dollars annually due to attacks on websites, APIs, and applications,” the security brief reads.

“The increase in bot-generated traffic comprised both automated and direct malicious engagements,” it added.

“Bots are one of the most pervasive and growing threats facing every industry. From simple web scraping to malicious account takeover, spam, and denial of service, bots negatively impact an organization’s bottom line,” explained Nanhi Singh, General Manager of application security at Imperva, the Thales-owned company that led the study.

The company found that right now we are seeing the most bots ever on the internet.

More concerning than bots simply masquerading as people, confusing website analytics, annoyingly spamming ads for crypto, gambling or pornography, is that a significant portion of these bots is being used by bad actors for cybercrime.

While some bots are considered “good bots” that perform necessary activities online or make things more convenient for users, like offering summaries of news stories or downloading videos, bad bots can steal user information or be used in distributed denial of service (DDoS) attacks.

According to the report, Ireland saw the highest percentage of web traffic from bad bots at 71 percent of all traffic, followed by Germany (67.5 percent) and Mexico (42.8 percent). Online gaming sees a large portion of bad bot traffic, followed by retail, travel and financial services.

Cybercriminals are using these bots most often for account takeover attacks, with bad bots targeting API endpoints. The report found that among all login attempts online, 11 percent were associated with bot account takeovers. This mostly impacted the financial services (as in, bots trying to log into back accounts), travel and business services industries.

With advancements in generative AI, the bot situation is only getting worse for users and easier for threat actors. Now, simple bots are becoming easier to write thanks to chatbots that can create code for them in seconds. It has seen the volume of simple bots increase to nearly 40 percent of all bots in 2024, compared to 33 percent in 2022.

As for the smart bots, generative AI only makes them smarter which allows for make sophisticated attacks. Advanced automated threats are becoming more common, with 30 percent of API attacks in 2023 caused by smarter generative AI-powered bots.

Around 17 percent of these bots are now able to exploit business logic vulnerabilities – allowing them to manipulate API’s and access sensitive data and user accounts.

“As more AI-enabled tools are introduced, bots will become omnipresent. Organizations must invest in bot management and API security tools to manage the threat from malicious, automated traffic,” stressed Singh.

But how are the biggest companies online dealing with this issue of bots? Mostly, they just say the problem is being tackled a la Elon Musk and X, but there is seemingly nothing than can be done to rid platforms of bots.

The bot problem is seemingly only going to get worse going forward, and that means that the world wide web becomes less about people sharing ideas and more of a sea of fake automated posters, looking to farm as much engagement as possible while increasingly smarter bots try to steal your personal data. Isn’t the internet a magical place?

[Image – Photo by Mohamed Nohassi on Unsplash]


About Author


Related News