Almost three quarters of traffic is malicious

Almost three quarters of traffic is malicious

San Francisco, December 7, 2923

According to Arkose Labs, in the first nine months of the year, 73% of web and app traffic was associated with malicious bot activity, including SMS toll fraud, scraping and the creation of fake accounts. The anti-fraud platform identified the travel and hospitality industry as the industry most affected by malicious bots, followed by technology and retail.

Researchers analyzed attacks across three key vectors – simple bots, intelligent bots and human fraud farms – used by fraudsters for attack types such as SMS toll fraud, web scraping, card testing and credential stuffing.

In the first half of 2023 and the third quarter, bots and fraud farms caused billions of attacks and accounted for 73% of all web and app traffic, suggesting that nearly three-quarters of digital traffic is malicious. The total number of bot attacks increased by 167% in the first half of the year, largely due to a significant 291% increase in intelligent bot attacks.

Arkose said two new trends – generative AI and cybercrime-as-a-service (CaaS) – are fueling the rise in attacks. Researchers noted an increase in GenAI use by malicious actors to create compelling content, including phishing emails and dating app scams, while also seeing data scraping bots improve GenAI models.

At the same time, CaaS reduces the barriers to entry for cybercriminals. CaaS providers openly advertise their potentially illegal services, allowing anyone, including non-technical fraudsters, to purchase bots that bypass security measures and carry out large-scale attacks.