beebright - stock.adobe.com

Bad bot traffic in Australia grew 23% in 2023

Traffic from bad bots that perform malicious tasks accounted for 30.2% of Australia’s internet traffic in 2023

Australia was one of the top three countries targeted by bad bots in 2023, accounting for 8.4% of all bot attacks globally and ranking third behind the US and Netherlands, according to a study by Imperva.

Bots – both good and bad – made up 36.4% of Australia’s total internet traffic last year, with bad bot traffic growing to 30.2%, an increase of 23.2% year on year.

Globally, traffic from bad bots rose for a fifth consecutive year, reaching 32% of total internet traffic in 2023, up from 30.2% in 2022.

Bad bots are software applications that have been programmed to perform malicious tasks, such as extracting data from websites without permission, launching distributed denial-of-service (DDoS) attacks and performing credential stuffing.

They can also exploit application programming interface (API) vulnerabilities to manipulate legitimate software functionality to gain access to sensitive data or user accounts.

More sophisticated threat actors are also combining the use of mobile user agents and residential proxies to make it seem as if their bot traffic came from a legitimate IP address. Bad bots masquerading as mobile user agents accounted for 44.8% of all bad bot traffic in the past year, up from 28.1% just five years ago.

Reinhart Hansen, director of technology for Asia-Pacific and Japan at Imperva urged organisations to take proactive steps against bad bots which are becoming more sophisticated.

“With attackers increasingly exploiting API vulnerabilities and lapses in business logic guardrails, a proactive stance is essential to prevent data breaches, account takeovers, and large-scale data theft.

“From simple web scraping to malicious account takeover, spam, and denial-of-service, bots negatively impact an organisation’s bottom line by degrading online services and forcing more investment in infrastructure and customer support.

“Organisations in Australia must proactively confront the menace of bad bots as attackers sharpen their focus on API-related abuses that can lead to compromised accounts and data exfiltration,” he said.

The growing popularity of generative artificial intelligence (GenAI) tools also led to more simple bots being created. According to the study, the volume of simple bots grew to 39.6% in 2023, up from 33.4% in 2022.

Australia, in particular, experienced a high volume of simple bots (70.6%) – 31% higher than the global average. The industries in Australia with the highest proportion of simple bot traffic were business, retail, and lifestyle.  

Elsewhere in Asia-Pacific, Singapore notably saw a high level of bad bot traffic, accounting for 35.2% of its internet traffic, surpassing the global average. By contrast, Japan recorded the lowest level of bad bot traffic at 17.7%.

Read more about cyber security in Australia

Read more on Network security strategy