ShieldSquare is now Radware Bot Manager

ShieldSquare is now Radware Bot Manager

First Look: The Big Bad Bot Problem 2020 – Part 2

April 13, 2020 | All Automated Threats Radware Research News & Events

The-Growing-Impact-of-Generation-4-Bots
Radware’s annual ‘The Big Bad Bot Problem 2020’ report is a comprehensive analysis of overall traffic across our global client base to uncover bot origins, targets, attack methods and trends. Our researchers analyzed hundreds of millions of instances of bots, both the good kind and the bad, along with their behavior, fingerprints, and origins, and their findings have been detailed in the report.

As bot continue to become more sophisticated, fraudsters, hacktivists, business competitors and state-backed operatives are increasingly using advanced bots to carry out their attacks. The most advanced of these are 4th-generation bots that are programmed to mimic the behavior of humans as they traverse websites and mobile applications. This helps them evade basic security measures which were not specifically developed to detect bots and contributes to the severity of their impact.


While earlier 1st and 2nd-generation bots comprised a majority of bad bots in years past, we now see attackers favoring 3rd and 4th-generation bots that mimic human behavior when executing attacks. Our researchers found that in 2019, nearly 38% of bots used to execute account takeover attacks and 41.6% of bots carrying out API abuse were 4th-generation bots.

Figure 1: Behavior of bad bots by generation

As ISPs and data centers that are notorious for originating bad bot traffic get blacklisted, cybercriminals change tactics by using compromised residential IP addresses, cloud data centers, multiple User Agents, and programmatic requests to conceal bot traffic by making them appear to be genuine users. Our research finds that Web applications are the most exploited attack surface across industries, increasing 10% over our 2018 volumes to make up 35% of total traffic on web applications.

Along with growing attacks on web applications, bot attacks on mobile devices also grew in 2019, representing 15.4% of total traffic mobile applications, compared to 13.4% in 2018. Our research also found that APIs ─ used to enable interoperability between various Web applications ─ are being attacked to steal personally identifiable information (PII), payment card details, and confidential business data. Our findings show that bad bot traffic on APIs in 2019 constituted 16.6% of all API traffic, a significant increase from the 14.3% we recorded in 2018.

Figure 2: Most Exploited Attack Surfaces – 2018 vs. 2019

Download The Big Bad Bot Problem 2020 report for a comprehensive summary of bot trends, attack methods, origins, as well as valuable recommendations on bot management.


Tags: , , ,

Subscribe to Radware Research and Blog
Thank you for subscribing
Thanks. Sent confirmation email.

Related Content

June 22, 2020
How Good Bots Help Media and Publishing Portals
April 21, 2020
Webinar — The Growing Buzz Around Bot Management
April 17, 2020
First Look: The Big Bad Bot Problem 2020 ─ Part-3

Step Up and Take Action

Powered by Think201