beebright - stock.adobe.com

Bad bots make up a quarter of APAC’s web traffic

Bots that run automated tasks have been responsible for stealing personal information among other malicious activities in the Asia-Pacific region, study finds

Bad bots accounted for 25.9% of website traffic in the Asia-Pacific region last year, culminating in bot attacks such as account takeovers, content or price scraping, and scalping to obtain limited-availability items, a new study has found.

According to the 2022 Imperva bad bot report, Singapore had the highest proportion of bad bot traffic in the region at 39.1%, followed by China with 38.6%. Next came Australia (25.7%), New Zealand (20.3%) and Japan (16.9%).

Globally, bad bots – software applications that run automated tasks with malicious intent, such as stealing personal information and credit card data – accounted for a record 27.7% of all website traffic in 2021, up from 25.6% in 2020.

These could be moderate and advanced bad bots that employ evasion techniques such as cycling through random IPs, entering through anonymous proxies, changing identities, and mimicking human behaviour bots to avoid detection by security defences.

In APAC, evasive bots made up 71.1% of all bad bot traffic. Across the region, China had the highest penetration of evasive bots (86.5%), while Australia has the highest penetration of advanced bots (36.3%). This breed of sophisticated bot produces mouse movements and clicks that fool even sophisticated detection methods.

“Digitally mature nations such as China and Australia have more businesses and consumers transacting online,” said Reinhart Hansen, director of technology at Imperva’s chief technology officer (CTO) office.

“This makes them rich targets for cyber criminals. As digital maturity grows, bot operators are using more sophisticated scripts that can evade common defences. Organisations need to invest in a solution that spots and manages even the most advanced bots.”

Imperva noted that bad bot traffic is rising at a time when organisations are investing in improving customer experiences online by offering more digital services and expanding their API ecosystems, opening up opportunities for automated attacks by bad bot operators.

The study found that organisations in the travel, retail and financial services industries were most targeted by bad bots last year because of the valuable personal data they store behind user login portals on their websites and mobile apps.

“Businesses cannot overlook the impact of malicious bot activity as it is contributing to more account compromise, higher infrastructure and support costs, customer churn, and degraded online services,” said Hansen. “With automated fraud growing in intensity and complexity, APAC organisations need to urgently implement advanced bot protection to safeguard their customers’ interests.”

Read more about cyber security in APAC

Read more on Web application security