Bots, automated online entities, are responsible for nearly half of all internet traffic, and a significant portion of them pose serious security risks. These bots are often used to create phishing scams, steal personal data, and even spread malware, harming both consumers and businesses.
Christoph C. Cemper, founder of AIPRM, a company specializing in AI prompt engineering, explains that bots can gain user trust and exploit it for scams, leading to financial losses, identity theft, and more. He adds that bots can also damage a brand’s reputation, especially for companies with popular social media profiles. By associating a brand with fraudulent activities, bots can hurt consumer loyalty and tarnish a brand’s image.
According to Imperva’s 2024 Bad Bot Report, the level of bad bot traffic has increased for the fifth year in a row, partly driven by the growing use of artificial intelligence (AI). In 2023, bad bots accounted for 32% of all internet traffic, marking a slight rise from the previous year. In total, non-human traffic (including both bad and good bots) made up nearly half of all internet activity in 2023, with human traffic dropping to 50.4%.
James McQuiggan from KnowBe4, a cybersecurity company, points out that good bots—such as those used for search engine indexing and customer service chatbots—serve useful purposes. However, the challenge lies in distinguishing between helpful automation and harmful bots.
The Impact of Bots: Ticket Scalping and More
Bots are particularly problematic for industries like ticket sales. Thomas Richards from Black Duck Software highlights how malicious bots are used to purchase tickets quickly from websites, only to resell them at inflated prices. This type of bot activity has become increasingly difficult to detect and stop, as AI allows these bots to mimic human behavior and adapt to security measures.
Stephen Kowski from SlashNext adds that the increasing availability of AI tools makes it easier for criminals to deploy sophisticated bot attacks that bypass traditional security measures.
Bad Bots Are a Serious Security Threat
David Brauchler from NCC Group emphasizes that the rise of connected devices and the expansion of SaaS platforms create more opportunities for bot-related traffic. Bad bots can overwhelm network resources, cause system outages, and exploit security vulnerabilities. Additionally, the proliferation of AI has allowed bots to impersonate human activity, making it easier to commit fraud and spam.
Brauchler notes that one of the biggest risks of AI-driven bots is the growth of spam. With no solid technical solution to effectively block this type of content, legitimate online interactions could be drowned out by the sheer volume of fake content generated by bots.
How to Identify Malicious Bots
Malicious bots are often difficult to detect, as they interact with systems in ways that humans cannot easily recognize. AI-driven bots are particularly challenging because they can pass as human users, making it harder to spot fraudulent activities. However, there are some signs that users can look out for, such as unusual patterns in social media activity, generic profile pictures, or suspicious engagement.
In the enterprise setting, real-time behavioral analysis can be used to detect automated actions, such as rapid clicks or form submissions that are not typical of human behavior.
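As an added illustration (not from the article or any vendor named in it), the sketch below scores sessions on two timing signals behind that kind of behavioral analysis: clicks or form submissions arriving faster than a person plausibly acts, and spacing so regular it suggests a timer. The event format, thresholds and sample data are assumptions constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed thresholds for illustration; tune them against your own traffic baseline.
MIN_HUMAN_GAP_S = 0.5    # gaps shorter than this between actions are rarely human
MAX_FAST_FRACTION = 0.5  # flag when more than half of a session's gaps are that short
MIN_JITTER_CV = 0.15     # people are irregular; near-constant spacing suggests a timer
MIN_EVENTS = 5           # too few events gives no basis for a verdict


def score_sessions(events):
    """events: iterable of (session_id, unix_timestamp, action).
    Returns {session_id: [reasons]} for sessions that look automated."""
    by_session = defaultdict(list)
    for sid, ts, action in events:
        if action in ("click", "form_submit"):
            by_session[sid].append(ts)

    flagged = {}
    for sid, stamps in by_session.items():
        if len(stamps) < MIN_EVENTS:
            continue  # not enough evidence either way
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        reasons = []
        fast_fraction = sum(1 for g in gaps if g < MIN_HUMAN_GAP_S) / len(gaps)
        if fast_fraction > MAX_FAST_FRACTION:
            reasons.append("rapid")
        avg = mean(gaps)
        # Coefficient of variation: spread of the gaps relative to their mean.
        if avg > 0 and pstdev(gaps) / avg < MIN_JITTER_CV:
            reasons.append("metronomic")
        if reasons:
            flagged[sid] = reasons
    return flagged


# Constructed sample events (not real traffic).
SAMPLE = (
    [("s-human", t, "form_submit") for t in (0.0, 4.2, 11.9, 13.1, 27.5, 40.3)]
    + [("s-burst", 100 + 0.1 * i, "click") for i in range(10)]
    + [("s-timer", 200 + 2 * i, "form_submit") for i in range(8)]
    + [("s-short", t, "click") for t in (0.0, 0.1)]
)

if __name__ == "__main__":
    for session, why in score_sessions(SAMPLE).items():
        print(session, why)
```

Timing alone will miss bots that randomize their delays, so treat these flags as one input alongside the other controls the article lists, not as a verdict.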
Bots as a Threat to Businesses
Ken Dunham from Qualys warns that once bots are controlled by malicious actors, they can be used for a wide range of cyberattacks. These attacks can include credential stuffing, distributed denial of service (DDoS) attacks, vulnerability scans, and more. Bots can target login portals, APIs, and other systems, probing for weaknesses that could allow unauthorized access.
To protect against bot-driven threats, businesses should implement multi-factor authentication, use bot detection tools, monitor traffic for unusual patterns, and deploy CAPTCHA tests. McQuiggan also recommends educating employees about bot-related phishing and fraud attempts to foster a security-aware culture.
In conclusion, while bots have legitimate uses, the growing number of malicious bots presents significant risks to both consumers and businesses. Effective mitigation strategies and security awareness are crucial to staying ahead of this evolving threat.