From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | Part 1 | An Imperva Story With Ryan Windham


Manage episode 332706211 series 1535672
By ITSPmagazine, Sean Martin, and Marco Ciappelli. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

A new year and a new Bad Bot Report from Imperva. How is it looking? Well, this year, we see an increase in the sophistication level of bad bots compared to last year, with advanced bad bots accounting for 25.9% of all bad bot traffic in 2021, compared to 16.7% in 2020. In addition, evasive bad bots are on the rise, no industry is immune, and Account Takeover attacks are more prevalent than ever.

The good news is that not all bots are Superbad — they go from Simple to Moderate, Advanced, and, Evasive — and we are getting better at finding them.

During our conversation this year, we take a quick look back in time to last year's report to see what some of the changes are. Sadly, the team at Imperva is seeing more of the advanced bots we discussed during this conversation. Unfortunately, their ability to emulate human behavior makes them much more difficult to detect.

What's driving a lot of this rise in bad bots? More and more services are moving online.

We hope you enjoy this Part 1 of 2 conversations as we explore and uncover the consequences of bad bots for our business and society.

About the 2022 Imperva Bad Bot Report
Leveraging data from its global network, Imperva Threat Research investigates the rising volume of automated attacks occurring daily, evading detection while wreaking havoc and committing online fraud. The 9th annual Imperva Bad Bot Report is based on data collected from the Imperva global network throughout 2021. The data is composed of hundreds of billions of blocked bad bot requests, anonymized over thousands of domains. The goal of this report is to provide meaningful information and guidance about the nature and impact of these automated threats.

Bot attacks are often the first indicator of fraudulent activity online, whether it’s validating stolen user credentials and credit card information to later be sold on the dark web, or scraping proprietary data to gain a competitive advantage. Often bots are used to surveil applications and APIs in an attempt to discover vulnerabilities or weak security. Online fraud from automated bot attacks is not only a threat to the business, but it is first and foremost a risk to customers. Bad bot attacks might cause customers to be unable to access their accounts or have sensitive information stolen from them due to successful account takeover fraud.

Bad bots mask themselves and attempt to interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities.

Such activities include web scraping, competitive data mining, personal and financial data harvesting, brute-force login, digital ad fraud, denial of service, denial of inventory, spam, transaction fraud, and more.

Note: This story contains promotional content. Learn more.

Ryan Windham
VP of Application Security at Imperva [@Imperva]
On Linkedin |

Learn more about Imperva and their offering:

Imperva Bad Bot Report 2022:

Want the Bad Bot 101 Story? Check out the Imperva 2021 Bad Bot Report Podcast Series here:

Be sure to listen to Part 2 of this conversation here:

Are you interested in telling your story?

1485 episodes