
Australia remained in the top three countries targeted by bad bots in 2023, representing 8.4% of all bot attacks globally and ranking third behind the US and the Netherlands, according to a report issued by Imperva, a Thales company.
The 2024 Bad Bot report said bots, both good and bad, now made up 36.4% of Australia’s total Internet traffic, underlining the fact that businesses still face a threat from malicious and automated traffic.
Australia’s bad bot traffic grew to 30.2% in 2023, an increase of 23.2% year-on-year. The UK and France were fourth and fifth on the list, with 5.1% and 3.1% respectively of all bad bot traffic.
The report defined a bot as a software application that ran automated tasks ranging from simple actions like filling out a form to more complex functions like scraping a website for data.
"Bad bots are software applications that perform automated tasks with malicious intent," the report said. "These bots can extract data from websites without permission to re-use it and gain a competitive advantage.
"They are often used for scalping, which involves obtaining limited availability items and reselling it at a higher price. Bad bots can also be used to create distributed denial-of-service attacks targeted at the application.
"Some bad bots undertake criminal activities such as fraud and outright theft. One example is bots that perform credential stuffing, one of the most prominent types of bot attacks."
The report, the 11th in the series, analysed data collected from the Imperva global network in 2023, including nearly six trillion blocked bad bot requests anonymised across thousands of domains and industries.
The company said the aim was to provide meaningful information about the nature and impact of bots to help organisations better understand the potential risks of bot traffic when not adequately managed.
Elaborating, Imperva said bad bots interacted with applications in a way that mimicked legitimate users, making them more challenging to detect and block. They abused business logic, exploiting an application’s intended functionality and processes rather than its technical vulnerabilities.
"Bad bots facilitate high-speed abuse, misuse, and attacks on websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to engage in malicious activities," the report said.
"Activities such as Web scraping, competitive data mining, personal and financial data harvesting, brute-force login attempts, scalping, digital ad fraud, denial-of-service attacks, spamming, transaction fraud, and other similar activities can harm a business.
"These activities consume bandwidth, slow down servers, and steal sensitive data, leading to financial losses and damage to a company’s reputation."
The report focused on bad bot activity at the Open Systems Interconnection model’s application layer (layer 7). The model describes seven layers that computer systems use to communicate over a network and was the first standard model for network communications, adopted by all major computer and telecommunication companies in the early 1980s.
The modern Internet is not based on OSI, but on the simpler TCP/IP model. However, the OSI 7-layer model is still widely used, as it helps visualise and communicate how networks operate, and helps isolate and troubleshoot networking problems.
OSI was introduced in 1983 by representatives of the major computer and telecom companies, and was adopted by ISO as an international standard in 1984.
These bot use cases are entirely different from volumetric DDoS attacks, which manipulate lower-level network protocols.
The report found that Australia has a high volume of simple bots (70.6%) – 31% higher than the global average. Industries in Australia with the highest proportion of simple bot traffic are business (88%), retail (87%) and lifestyle (82%).
The gaming industry continued to experience the highest levels of bad bot traffic, mirroring the situation in Australia with bad bots making up 75.19% of all traffic.
Reinhart Hansen, director of Technology, Asia Pacific and Japan, at Imperva, a Thales company, stressed the criticality of taking proactive steps against bad bots as they grow in sophistication.
"With attackers increasingly exploiting API vulnerabilities and lapses in business logic guardrails, a proactive stance is essential to prevent data breaches, account takeovers, and large-scale data theft," he said.
"From simple Web scraping to malicious account takeover, spam, and denial of service, bots negatively impact an organisation’s bottom line by degrading online services and forcing more investment in infrastructure and customer support.
"Organisations in Australia must proactively confront the menace of bad bots as attackers sharpen their focus on API-related abuses that can lead to compromised accounts and data exfiltration."