Bad bot traffic has increased compared to previous years, comprising almost one quarter (24.1%) of all website traffic and most heavily impacting the financial services industry, according to Imperva.

In 2019, bad bot traffic comprised 24.1% of all website traffic, rising 18.1% from the year prior. Good bot traffic consisted of 13.1% of traffica 25.1% decrease from 2018while 62.8% of all website traffic came from humans.

Every industry has a unique bot problem ranging from account takeover attacks and credential stuffing to content and price scraping. The top 5 industries with the most bad bot traffic include financial services (47.7%), education (45.7%), IT and services (45.1%), marketplaces (39.8%), and government (37.5%).

Advanced persistent bots (APBs) continue to plague websites and often avoid detection by cycling through random IP addresses, entering through anonymous proxies, changing their identities, and mimicking human behavior. In 2019, 73.7% of bad bot traffic was APBs.

Continuing to follow browser popularity trends, bad bots impersonated the Chrome browser 55.4% of the time. The use of data centers reduced again in 2019, accounting for 70% of bad bot trafficdown from 73.6% in 2018.

In 2019, 21.1% of country blocks were Russia, followed closely by China at 19%. Despite this, with most bad bot traffic emanating from data centers, the United States remains the bad bot superpower with 45.9% of attacks coming from the country.

We closely monitor how malicious bots iterate to evade detection and commit a wide range of attacks, and this years findings have revealed the next evolution: Bad Bots as-a-Service, said Kunal Anand, CTO at Imperva.

Bad Bots as-a-Service is an attempt by bot operators to legitimize their role and appeal to organizations facing increased pressure to stay ahead of competition. Its critical that businesses spanning all industries learn which threats are most pervasive in their field and take the necessary steps to protect themselves.

Bad bots interact with applications in the same way a legitimate user would, making them harder to detect and prevent. They enable high-speed abuse, misuse, and attacks on websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities.

Such activities include web scraping, competitive data mining, personal and financial data harvesting, brute-force login, digital ad fraud, spam, transaction fraud, and more.

See more here:
Bad bot traffic increases, comprising almost one quarter of all website traffic - Help Net Security