t cht lk
t cht lk
“ Bots have evolved rapidly since 2013 , but with the advent of generative Artificial Intelligence , the technology will evolve at an even greater , more concerning pace over the next 10 years ,” said Karl Triebes , Senior Vice President and GM , Application Security , Imperva .
“ Cybercriminals will increase their focus on attacking API endpoints and application business logic with sophisticated automation . As a result , the business disruption and financial impact associated with bad bots will become even more significant in the coming years .”
Key findings from the 2023 Imperva Bad Bot Report :
• Bad bots are increasingly sophisticated and harder to detect . In 2022 , the proportion of bad bots classified as ‘ advanced ’ accounted for more than half ( 51.2 %) of all bad bot traffic . In comparison , the level of bad bot sophistication in 2021 was 25.9 %. This is identified as a concerning trend for businesses as advanced bad bots use the latest evasion techniques and closely mimic human behavior to evade detection by cycling through random IPs , entering through anonymous proxies and changing identities .
• Account takeover ( ATO ) attacks increased 155 % in 2022 . Further , 15 % of all login attempts in the past 12 months , across all industries , were classified as account takeover . Cybercriminals use bad bots to facilitate credential stuffing and brute force attacks , as automation can cycle through credentials quickly until successful . These attacks have the potential to lock customers out of their account , provide fraudsters with sensitive information , contribute to business ’ revenue loss and increase the risk of non-compliance .
• Bad bots target APIs to abuse business logic and compromise accounts . In 2022 , 17 % of all attacks on APIs came from bad bots abusing business logic . A business logic attack exploits flaws in the design and implementation of an API or application for the intent of manipulating legitimate functionality to steal sensitive data or illegally gain access to accounts . Further , 35 % of account takeover attacks in 2022 specifically targeted an API . When APIs are called programmatically , attackers
76 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com