Bad to the cyber-bone: analyst warns of malicious bots flooding internet

Malicious programs that mimic human computer use for cybercriminal purposes, known as “bad bots,” are becoming more sophisticated, a study says.
Cybersecurity researcher Imperva claims that in 2022 it classed around half of bad bots as sophisticated, compared to just a quarter the previous year.
“This is a concerning trend for businesses, as advanced bad bots use the latest evasion techniques and closely mimic human behavior to evade detection by cycling through random IPs [internet protocols], entering through anonymous proxies, and changing identities,” said Imperva.
What’s more, account takeover attacks more than doubled, with a 155% year-on-year rise noted by the analyst.
“Every organization, regardless of size or industry, should be concerned about the rising volume of bad bots across the internet,” said Imperva. “Year-over-year, the proportion of bot traffic is growing and the disruptions caused by malicious automation results in tangible business risks, from brand reputation issues to reduced online sales and security risks for web applications, mobile apps, and APIs.”
The most targeted sectors by bad bots continue to be travel, retail, and finance, with Germany, Ireland, Singapore, and the US suffering more than the global average of such attacks, Imperva added.
Mobile Safari appears to be the most popular browser used by cybercriminals to disguise their bots, with a fifth illicitly using the legal service for this purpose in 2022, it said.
“Cybercriminals use bad bots to facilitate credential stuffing and brute-force attacks, as automation can cycle through credentials quickly until successful,” said Imperva. “These attacks have the potential to lock customers out of their account, provide fraudsters with sensitive information and contribute to business revenue loss.”