beebright - stock.adobe.com
Bad bots accounted for 25.9% of website traffic in the Asia-Pacific region last year, culminating in bot attacks such as account takeovers, content or price scraping, and scalping to obtain limited-availability items, a new study has found.
According to the 2022 Imperva bad bot report, Singapore had the highest proportion of bad bot traffic in the region at 39.1%, followed by China with 38.6%. Next came Australia (25.7%), New Zealand (20.3%) and Japan (16.9%).
Globally, bad bots – software applications that run automated tasks with malicious intent, such as stealing personal information and credit card data – accounted for a record 27.7% of all website traffic in 2021, up from 25.6% in 2020.
These could be moderate and advanced bad bots that employ evasion techniques such as cycling through random IPs, entering through anonymous proxies, changing identities, and mimicking human behaviour bots to avoid detection by security defences.
In APAC, evasive bots made up 71.1% of all bad bot traffic. Across the region, China had the highest penetration of evasive bots (86.5%), while Australia has the highest penetration of advanced bots (36.3%). This breed of sophisticated bot produces mouse movements and clicks that fool even sophisticated detection methods.
“Digitally mature nations such as China and Australia have more businesses and consumers transacting online,” said Reinhart Hansen, director of technology at Imperva’s chief technology officer (CTO) office.
“This makes them rich targets for cyber criminals. As digital maturity grows, bot operators are using more sophisticated scripts that can evade common defences. Organisations need to invest in a solution that spots and manages even the most advanced bots.”
Imperva noted that bad bot traffic is rising at a time when organisations are investing in improving customer experiences online by offering more digital services and expanding their API ecosystems, opening up opportunities for automated attacks by bad bot operators.
The study found that organisations in the travel, retail and financial services industries were most targeted by bad bots last year because of the valuable personal data they store behind user login portals on their websites and mobile apps.
“Businesses cannot overlook the impact of malicious bot activity as it is contributing to more account compromise, higher infrastructure and support costs, customer churn, and degraded online services,” said Hansen. “With automated fraud growing in intensity and complexity, APAC organisations need to urgently implement advanced bot protection to safeguard their customers’ interests.”
Read more about cyber security in APAC
- Australian CISOs are under pressure and feel the least prepared globally to deal with the consequences of a cyber attack, study finds.
- Observability platform supplier Coralogix has set up a cyber security venture and a global security resource centre in India to tap the growth opportunities in India.
- Check Point is shoring up its sales force and partner ecosystem in ASEAN to address the cyber security needs of small and mid-sized businesses in a region that is highly targeted by threat actors.
- Singapore’s Ensign Infosecurity answers the top three questions about the impact of the Log4j vulnerability.