Imperva report reveals record climb in bad bot traffic

Malicious bot traffic climbed to record highs in 2020, new research by leading security firm Imperva reveals. Healthcare websites, such as those providing information on COVID-19 vaccinations, were particular targets. 

The 2021 Imperva Bad Bot Report is the eighth annual global in-depth analysis of bot traffic across every industry. The latest study finds that last year witnessed the highest percentage of bad bot traffic (25.6%) since the inception of the report in 2014, while traffic from humans fell by 5.7%. More than 40% of all web traffic requests originated from a bot last year, suggesting the growing scale and widespread impact of bots in daily life.

Key findings include: 

⦁ Bots are targetting COVID-19 vaccine appointment sites. Imperva Research Labs monitored a 372% increase in bad bot traffic on healthcare websites since September 2020. More recently, as vaccines became available to more age groups, Imperva Research Labs recorded bot activity at rates of 12,000 requests per hour. For health systems, pharmacies and retailers involved in the vaccine rollout, bots could disrupt the supply chain by polluting the network and make it harder for legitimate users to access appointment scheduling services.

⦁ Scalper bots took advantage of the global pandemic. These bots use automated methods to secure goods, and throughout 2020 were used to stockpile commodities. At the beginning of the year, bots were used to hoard large inventories of face masks, sanitisers, detergents, home workout equipment and more. 

⦁ Bots involved in account takeover fraud increased. Businesses with a login page on their website are under continuous credential stuffing and credential cracking attacks. In 2020, 34% of all login attempts originated from malicious bots. This is a particular concern for healthcare. 

⦁ The United States is both the most attacked nation and largest host of bad bots. For a seventh consecutive year, the US was the most attacked nation by bad bots (37.2%) with China (8.3%) and the United Kingdom (6.9%) following behind. Bad bots were often launched from the same country they were targeting - the US is the leading country where bad bots are hosted (40.5%).

Commenting on the report, Edward Roberts, Director of Strategy and Application Security at Imperva said: “As we’ve monitored over the past eight years, bad bots continue to ravage the internet, while attack characteristics are becoming more advanced and nuanced over time. 

“Throughout the past year and during a global pandemic, bad bots have thrived by targeting new markets and the impacts are now felt by everyday consumers. Bad bots must be a top concern for businesses and security practitioners in 2021 as the problem is likely to grow. Organisations must take proactive action to secure their websites, applications and APIs from these threats as bots are increasingly involved in fraudulent activity that can be a source of reputational and financial damage.”

Read our article featuring Terry Ray, SVP at Imperva, discussing how healthcare providers can protect themselves from cyber attacks in Healthcare Global's latest magazine