Radware’s annual Global Application and Network Security Report aims to provide insights into the complex challenges faced by organizations as they seek to balance business agility and security requirements. The 2019–2020 Global Application & Network Security Report, our ninth annual version, combines statistical research with real attack data and analyses of developing trends to identify cybersecurity trends that are important to organizations as they determine long-term growth strategies.
This year’s survey involved 561 individual respondents representing a diverse range of organizations around the world. Our study was based on research from previous years to gather vendor-neutral information from organizations preparing to confront cyberattacks. The report’s overall findings are intended to help security professionals gain insights into how well their applications and networks are secured, the vulnerabilities they may be exposed to, and detection and mitigation strategies that enable them to secure their organizations IT systems. Let’s look at some of the key bot-related findings our report uncovered.
Bot attacks: key stats
These findings point to a compelling need for wider adoption of bot management solutions to accurately identify key characteristics of automated attack traffic.
Verticals experiencing the most daily attacks
Also read: ‘The E-commerce Industry Automated Threat Landscape’.
Types of bot attacks in 2019
Bad bot traffic by generation ─ 12 month snapshot
Sophisticated humanlike (fourth-generation) bots made up 23% of bot traffic observed in the previous 12 months, and distributed (third-generation) bots made up 15% of traffic. Second-generation ‘headless browser’ bots were the largest in volume at 46%, while simple first-generation ‘script bots’ represented 16% of observed bot traffic. For a closer look at the four generations of bots, read our e-book ‘The Ultimate Guide To Bot Management’.
Threat actors are increasingly targeting APIs, the main information paths between applications. Sophisticated bots will become growingly capable of automatically sensing bot mitigation techniques, and will, in response, change attack techniques between vectors. In addition, the ongoing global rollout of ultra-fast, low-latency 5G communications will bring online massive numbers of IoT (Internet of Things) devices, which will lead to the creation of even larger and more harmful botnets.
Malicious entities such as nation-states can leverage such widely-distributed botnets to carry out large-scale espionage and disinformation campaigns. Organized crime syndicates are already deploying botnets to commit fraud, theft, and account takeovers as more consumers get online and use a growing number of services. Most ominously, as automation tools to create botnets keep growing in sophistication, they are also becoming more affordable and available. Interestingly, some bot vendors even offer customer support services to help their users more effectively carry out bot attacks.
While some enterprises try to develop in-house bot management tools, they are generally ineffective against the newest humanlike bots when compared to dedicated bot management solutions. One thing that’s certain is that the escalating arms race between malicious automation and security professionals is only going to get more intense.
For a deeper dive, read the 2019-2020 Global Application & Network Security Report here.