Study: Bad bots represent 30% of Internet traffic.
N2K logoMay 12, 2023

Automated traffic makes up almost half of all traffic online.

Study: Bad bots represent 30% of Internet traffic.

Imperva’s 10th edition of the Bad Bot report, regarding autonomous bot traffic on the internet, found that in 2022 almost 50% of all internet traffic was from automated bots marking a 5.1% increase in automated traffic. The report also showed that “good bots” are increasing in prevalence with 17.3% of all traffic, and “bad bots” (those used by bad actors to troll for vulnerabilities) increased to 30.2%. Imperva writes, “As bad bot evasion techniques become increasingly sophisticated, we are observing a fascinating trend, where advanced bad bot levels (51.2%) are growing at the expense of moderate ones (15.4%). Simple bad bot levels have remained similar, at about a third (33.4%) of all bad bot traffic. Because moderate and advanced bad bots represent the more “self-conscious” bots that go to greater lengths to hide their true identity, we often group them and refer to them as evasive bad bots. In 2022, these evasive bad bots accounted for 66.6% of all bad bot traffic – a slight increase from the previous year (65.5%). While the increase isn’t substantial, it is the makeup of evasive bad bots that is alarming, with advanced bad bot levels essentially doubling.” 

Bad Bots are active across the globe and especially active where the money is.

The report showed that bad bot traffic affects all industries with Law and Government taking first place at 89% of the share. While the United States unsurprisingly was in first place for most attacked countries, the report finds that malicious automated attacks span the globe.  TechRadar explains “Most of the bad bot activity takes place in Germany, Ireland, Singapore, and the United States where, travel, retail, and financial service continue to experience an abnormally high volume of attacks.”

Attackers continue to grow more advanced and evolve their techniques.

Mark Bermingham, VP of Cyware, said “This trend is alarming, but also unsurprising. Attackers will continue to pursue any viable path of exploitation. The sad truth is a lot of this is identified by threat intel. Aligning threat intel insights, both trending and historical, with actions based on these insights would provide defenders with capability that would limit the effectiveness and/or longevity of an attack. The tools exist, the data exists. Aligning these two information assets with action, some of which can be driven by automation, presents an attractive path forward for defenders.”