The percentage of internet traffic that is bots continues to rise every year, and last year bots made up 49.6% of all internet traffic, which was a 2% increase from 2022.
This is according to Imperva’s 2024 Bad Bot Report, which analyzed bot traffic across the internet. They found that the proportion of bots out there has consistently grown for the past five years.
According to their findings, bad bots — which are bots that are used for nefarious purposes — also grew in number. In 2023, 32% of web traffic was bad bots, which is up from 30.2% in 2022.
The countries with the highest number of bad bots were Ireland with 71% of traffic being bad bots, Germany with 67.5%, and Mexico with 42.8%. In the US, bad bots made up 35.4% of traffic.
Imperva believes that the advent of generative AI has contributed to the rise of bot traffic, because things like ChatGPT make it easy to create simple bots.
They also found that bad bot traffic that comes from residential ISPs has risen, which is an indication that bad actors are using proxies that make it seem like they are coming from a legitimate IP address. Bad bots that disguise themselves as mobile user agents made up 44.8% of bad bot traffic, which is up from 28.1% five years ago.
And finally, the report found that the most popular attack vector of bad bots were APIs. Seventeen percent of API attacks were done by bad bots that were exploiting vulnerabilities in business logic.
“Bots are one of the most pervasive and growing threats facing every industry,” said Nanhi Singh, general manager of application security at Imperva, a Thales company. “From simple web scraping to malicious account takeover, spam, and denial of service, bots negatively impact an organization’s bottom line by degrading online services and requiring more investment in infrastructure and customer support. Organizations must proactively address the threat of bad bots as attackers sharpen their focus on API-related abuses that can lead to account compromise or data exfiltration.”