Latest news with #2025ImpervaBadBotReport
Straits Times
04-05-2025
- Business
- Straits Times
Malicious bots behind nearly half of web traffic in S'pore: Study
Politically-motivated activities have also risen, with these bots setting up social media accounts to proliferate politically-charged messages. PHOTO ILLUSTRATION: PEXELS Malicious bots behind nearly half of web traffic in S'pore: Study SINGAPORE – Malicious bots aided by artificial intelligence (AI) tools now generate 45 per cent of all internet traffic in Singapore, a sharp rise from 35 per cent a year ago, according to a new study. The 2025 Imperva Bad Bot Report, which compared bot traffic between 2023 and 2024, found bad bots to be most prevalent in the gambling, gaming, automotive and travel sectors here. The 12th edition of the report drew from data collected from across the Imperva global network in 2024, including the blocking of 13 trillion bad bot requests across thousands of domains and industries. Singapore ranked fourth among places in the Asia-Pacific that were most targeted by bad bots in 2024, after Hong Kong, Indonesia and Australia, according to the 12th annual study released in late April by United States-based cyber-security firm Imperva. Globally, automated bot traffic surpassed the human-generated type for the first time in a decade, constituting 51 per cent of all web traffic in 2024, according to the study. Of the total bot traffic, 37 per cent were found to be malicious activities, including data scraping, payment fraud, account takeovers, credentials theft and distributed denial of service (DDoS). DDoS attackers make websites unavailable to legitimate users by flooding the sites with queries. With the help of AI, bad bots can mimic human behaviour – including mouse movements and clicks – making them difficult to detect and block, said the report. 'The surge in AI-driven bot creation has serious implications for businesses worldwide,' said Mr Tim Chang, general manager of application security at Thales, which owns Imperva. The emergence of advanced AI tools – including ChatGPT, ByteSpider Bot, ClaudeBot, Google Gemini, Perplexity AI and Cohere AI – has transformed the methods by which attackers execute cyber threats. For instance, bad bots automatically crack outdated mobile applications that do not enforce mandatory updates, write codes to increase attack volumes and collect large quantities of sensitive data . In 2024, Imperva blocked an average of two million AI-powered cyber attacks daily . ByteSpider Bot alone accounted for more than half of all AI-enabled attacks globally. Other significant contributors include AppleBot, ClaudeBot and ChatGPT User Bot. Over the last few months, politically-motivated activities have risen, with these bots setting up social media accounts to proliferate politically-charged messages in the midst of the hustings as Singaporeans prepare to go to the polls on May 3, Appdome, another cyber-security firm, found. Such traffic typically comes in the form of social media post hijacking, where bots produce inflammatory or empathetic messages to rouse viewers to engage with the content, said Mr Jan Sysmans, Appdome's mobile app defence evangelist based in Singapore. 'The people behind these bots are trying to propagate their own agenda and create tension to spark a flame,' he added. 'There isn't a standard way these bots approach (hijacking). It just encourages users to engage in the content, which influences their algorithm. Subsequently, users will get fed more of such inflammatory or empathetic content, creating an echo chamber effect.' Globally, the travel sector is the most targeted, accounting for over a quarter of all bot attacks. It is trailed by the retail, education and financial services sector, according to the Imperva study. Notably, travel websites face an increase in simple bot attacks, possibly launched by less sophisticated criminals using AI tools . These attacks include 'seat spinning', where bots simulate the booking process of flight tickets up to the payment step, without completing the purchase. This hogs tickets and denies potential customers access to them, disrupting airline businesses and jeopardising their reputation. AI tools flooding travel websites with traffic may also inflate the demand and costs of tickets. Online retailers faced threats including scalping, credential stuffing, gift card fraud and DDoS – all year round in 2024 as opposed to just during festive seasons in 2023. Scalping involves buying many of the same items such as limited edition goods or concert tickets at the usual price and reselling them at higher prices. Credential stuffing involves taking over someone's online account using stolen usernames and passwords. Financial services, telecom, healthcare and retail are the most targeted industries for bot attacks on application programming interfaces (APIs). These sectors depend on APIs for critical operations and sensitive transactions, making them prime targets for such sophisticated bot attacks. APIs act like a bridge between applications, allowing them to share data. For instance, an e-commerce platform that accepts credit card payments or bank transfers is linked via APIs to the payment-service firm or the bank. Bots typically steal customer information or competitive intelligence, abuse promotional mechanisms and exploit vulnerabilities in check-out systems for fraud, according to the study. 'Businesses need to take steps to protect themselves from bots and online fraud,' Imperva said, urging businesses to implement multifactor authentication measures and real-time bot detection to protect customers. On how internet users should protect themselves from falling prey to the effects of bad bots, Mr Sysmans said: 'It is going to be very hard, with how advanced AI and technology is now. But one must always be vigilant and ask, 'Is this too good to be true?'' Join ST's WhatsApp Channel and get the latest news and must-reads.
TECHx
18-04-2025
- Business
- TECHx
AI Surge Drives Rise in Bad Bot Attacks, Says Thales Report
Thales has released the 2025 Imperva Bad Bot Report, a global analysis of automated traffic trends. The report shows that AI is now driving a sharp rise in bad bot activity. For the first time in ten years, bot traffic has surpassed human traffic online, making up 51% of all web activity in 2024. This growth is linked to the rapid use of generative AI tools and large language models (LLMs). These tools make it easier for attackers to create and launch bots. As a result, bad bots accounted for 37% of internet traffic last year, up from 32% in 2023. It marks the sixth year in a row that bad bot traffic has increased. The report highlights that attackers are now using AI to analyze failed attacks and improve their methods. At the same time, the rise of Bots-as-a-Service (BaaS) is making bot attacks more accessible and frequent. Industries like travel and retail are facing the highest levels of bad bot traffic. In 2024, 59% of all retail traffic and 41% of travel site traffic came from bots. The travel industry was the most targeted, seeing 27% of all attacks. There was also a major shift from advanced to simple bots, showing that basic tools can now cause large-scale harm. Thales also reports that AI bots such as ByteSpider, ClaudeBot, and ChatGPT User Bot are being used for cyberattacks. ByteSpider alone was responsible for over half of all AI-driven attacks. Other AI bots, including AppleBot and Google Gemini, were also active. The study notes that API attacks are rising fast. Nearly 44% of advanced bot activity targeted APIs in 2024. These bots aim to exploit business logic, rather than just flood systems. They perform actions like account hijacking, payment fraud, and data theft. Industries using APIs for sensitive operations, such as finance, healthcare, and e-commerce, are most at risk. Financial services were the top target for account takeover attacks, accounting for 22% of all incidents. Telecoms followed at 18%, and computing at 17%. With APIs being vital to digital operations, attackers are focusing on weak points to access critical data. According to Thales, businesses must now rethink how they manage bot threats. While bad bots are evolving, security strategies must adapt too. Proactive defenses and smarter bot detection tools are key to staying ahead.
