2025-05-21
AI Bad Bots: Detect, Block, Adapt
Thales, a leading global technology and security provider, has announced the release of the 2025 Imperva Bad Bot Report, a global analysis of automated bot traffic across the Internet.
The 12th annual study reveals that generative artificial intelligence (AI) is revolutionising bot development, enabling less sophisticated actors to launch more frequent and numerous attacks. Attackers now leverage AI to scrutinise failed attempts and refine evasion techniques efficiently, amidst a growing Bots-As-A-Service (BaaS) ecosystem.
Automated bot traffic surpassed human-generated traffic for the first time in a decade, constituting 51 per cent of all Web traffic in 2024. This shift is largely attributed to the rise of AI and Large Language Models (LLMs), which have simplified the creation and scaling of bots for malicious purposes.
The growing accessibility of AI tools is empowering cyber criminals to create and deploy malicious bots, which have surged to represent 37 per cent of all Internet traffic, up from 32 per cent in 2023. This is the sixth consecutive year of growth in bad bot activity, posing security challenges for organisations striving to safeguard their digital assets.
Both the Travel and the Retail sectors face an advanced bot problem, with bad bots making up 41 per cent and 59 per cent of their traffic respectively. In 2024, the travel industry became the most attacked sector, accounting for 27 per cent of all bot attacks, up from 21 per cent in 2023.
Notable Shift
The most notable shift in 2024 is the decline in advanced bot attacks targeting the travel industry (41 per cent, down from 61 per cent in 2023) and the sharp upsurge in simple bot attacks (52 per cent, up from 34 per cent).
This shift shows that AI automation lowers the barrier to entry, enabling less skilled actors to launch more frequent basic bot attacks. Rather than relying solely on complex methods, cybercriminals increasingly use high volumes of simpler bots to inundate travel sites, causing more widespread attacks.
The emergence of advanced AI tools, including ChatGPT, ByteSpider Bot, ClaudeBot, Google Gemini, Perplexity AI, and Cohere AI, is transforming not just user interactions but also the methods by which attackers execute cyber threats.
The Imperva Threat Research team highlights the exploitation of readily available AI tools in cyberattacks, noting that ByteSpider Bot accounts for a substantial 54 per cent of all attacks leveraging artificial intelligence.
The team's analysis further identifies other noteworthy AI-driven bots contributing to this landscape, including AppleBot at 26 per cent, ClaudeBot at 13 per cent, and ChatGPT User Bot at six per cent. This concentration of AI-enabled attacks within a few key bots underscores the speed at which malicious actors are adopting and scaling their use of these advanced technologies.
The dominance of ByteSpider Bot, in particular, signals a significant trend in the automation of sophisticated attack methodologies, posing an increasing challenge to existing cybersecurity defences.
“The surge in AI-driven bot creation has serious implications for businesses worldwide,” said Tim Chang, General Manager of Application Security at Thales. “As automated traffic accounts for more than half of all Web activity, organisations face heightened risks from bad bots, which are becoming more prolific every day.”
Evolving Cyber Attacks
As attackers become more adept at utilising AI, they're able to execute a variety of cyber threats – ranging from Distributed Denial of Service (DDoS) attacks to custom rules exploitation and API violations. Bot-driven attacks have become increasingly sophisticated and pose major challenges for detection efforts.
“This year’s report sheds light on the evolving tactics and techniques utilised by bot attackers. What were once deemed advanced evasion methods have now become standard practice for many malicious bots,” Chang said. “In this rapidly changing environment, businesses must evolve their strategies. It's crucial to adopt an adaptive and proactive approach, leveraging sophisticated bot detection tools and comprehensive cybersecurity management solutions to build a resilient defence against the ever-shifting landscape of bot-related threats.”
Imperva Threat Research reports a sharp rise in API-targeted attacks, with 44 per cent of advanced bot traffic focusing on APIs. These bots go beyond overwhelming endpoints, aiming to exploit weaknesses in API business logic to carry out payment fraud, account hijacking, and data theft.
Sensitive Data Threats
The report's findings expose a targeted campaign by cybercriminals to compromise API endpoints processing valuable sensitive data.
This emerging threat carries consequences for API-dependent industries where these digital gateways facilitate mission-critical processes. Particularly vulnerable are financial institutions, healthcare providers, and online retailers — sectors now facing relentless assaults from advanced bots designed to penetrate their most sensitive systems.
APIs serve as the backbone of modern applications, enabling connectivity across services, streamlining operations, and delivering personalised customer experiences at scale.
They underpin functions such as payment processing, supply chain management, and AI-driven analytics, making them crucial for enhancing efficiency, accelerating product development, and unlocking new revenue streams.
Critical Sector Risks
The 2025 Imperva Bad Bot Report reveals that financial services, healthcare, and e-commerce are the most at-risk industries, primarily due to their reliance on APIs. Financial services faced the highest number of account takeover (ATO) attacks at 22 per cent, driven by the value of data like credit card and bank details. The growing use of APIs has expanded the attack surface, with weak authentication methods enabling frequent data theft.
Based on 2024 data from Imperva’s global network, the report analyses 13 trillion blocked bot requests across various sectors.
Proactive Defence: A Strategic Necessity
There’s no universal fix to bot protection. Each website is different and has its own vulnerabilities and attack vectors. But being proactive and implementing layered strategies can dramatically reduce exposure. The most effective method is to use a comprehensive cyber security management platform in tandem with bot detection tools.
Key Recommendations
Below are key recommendations to strengthen defences against AI-driven bot threats.
Risk Identification
Protect High-Demand Product Launches from Bot Intrusion: Marketing and eCommerce campaigns — especially those involving limited-quantity, high-demand products — tend to draw significant attention from bots. Whether it’s the release of the latest sneakers, next-generation gaming consoles, or exclusive collectibles, announcing a launch date often acts as a magnet for automated traffic.
These bots are designed to purchase products at scale before genuine customers have a chance, jeopardising both the customer experience and the integrity of your sales strategy. To combat this, it is critical to implement advanced traffic analysis, real-time bot detection systems, and robust user authentication measures. These defences help ensure fair access for legitimate users while filtering out malicious automation.
Secure Vulnerable Web Features Against Automated Abuse: Identifying and securing website features prone to bot exploitation is essential to any bot mitigation strategy. Login portals, checkout pages, and gift card systems are common targets. Bots may launch Credential Stuffing or Cracking attacks on login pages, commit credit card fraud through checkout forms, or exploit gift card functionalities. To mitigate these risks, implement layered security such as multi-factor authentication, CAPTCHAs, and real-time behavioural monitoring to reduce bot-driven threats and maintain site integrity.
Vulnerability Reduction
Protect APIs and Mobile Access Points: Safeguarding exposed APIs and mobile applications is just as important as protecting your website. A comprehensive cybersecurity strategy must cover all digital touchpoints—not just the front-end. APIs and mobile apps often act as gateways to core web services and sensitive data, making them attractive targets for cyber threats.
Strengthening security across these platforms and preventing unauthorised communication between systems are essential steps in reducing vulnerabilities. By adopting an integrated approach, organisations can establish a cohesive defence that limits the risk of breaches through any digital access point.
Block Risky Traffic Sources: Restrict outdated browsers and enforce CAPTCHAs on those nearing end-of-life to deter bots. Block access from bulk IP data centres and monitor proxy services like Host Europe GmbH and Digital Ocean. Detect automation tools such as Puppeteer, Selenium, and WebDriver by flagging unnatural browsing behaviour and rapid interactions.
Threat Reduction: Proxies
Block Proxy Bots: Malicious bots increasingly use proxy services and Internet Protocol (IP) rotation to mimic legitimate user behaviour and conceal their origin, making detection more difficult. A strong defence involves blocking access from bulk IP data centres — common sources of such attacks. Notable examples include Host Europe GmbH, Dedibox Société par Actions Simplifiée (SAS), Digital Ocean, OVH Société par Actions Simplifiée, and Choopa Limited Liability Company (LLC). Monitoring and restricting traffic from these providers can reduce the risk of proxy-enabled bot intrusions.
Threat Reduction: Automation
Detect Automation Early: Modern tools like Puppeteer, Selenium, and WebDriver are often misused by attackers to imitate human actions online, enabling them to carry out harmful activities such as bulk account registrations and data theft. Distinguishing these malicious efforts from legitimate traffic requires implementing detection strategies for signs of automation, such as unnaturally fast interactions or abnormal browsing patterns. By homing in on these behaviours, organisations can effectively spot and stop automated attacks, safeguarding genuine user interactions.
Evaluate Traffic
Spot Patterns: Identifying bot traffic without clear indicators is challenging, but certain patterns suggest its presence. High bounce rates, low conversions, sudden traffic spikes, and repeated requests to specific URLs often signal automated activity. Monitoring these anomalies helps flag suspicious behaviour for investigation. A sharp surge in traffic to one endpoint may mean bots are targeting a specific event. Analysing the source — such as traffic from a single Internet Protocol address, Internet Service Provider (ISP), or URL — can confirm bot involvement. If most traffic comes from a narrow IP range, it's a strong sign of automation. Recognising these signals allows for targeted action, helping protect digital assets from bot-driven disruption.
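The source-concentration check described above can be run over access-log records as follows. This is an added example, not code from the report or from Imperva; the /24 grouping, the 50-request minimum, the 50 per cent share and the sample paths and addresses are all assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

def concentrated_sources(requests, prefix=24, min_hits=50, share=0.5):
    """requests: iterable of (client_ipv4, url_path) pairs.
    Returns {path: (network, hits, total)} for every path where a single
    /prefix network sends at least `share` of that path's requests."""
    per_path = defaultdict(Counter)
    for ip, path in requests:
        # Collapse each client address to its enclosing network
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        per_path[path][str(net)] += 1
    findings = {}
    for path, nets in per_path.items():
        total = sum(nets.values())
        if total < min_hits:            # too little traffic to judge
            continue
        net, hits = nets.most_common(1)[0]
        if hits / total >= share:
            findings[path] = (net, hits, total)
    return findings

def sample_requests():
    """Constructed sample traffic (not real data)."""
    # Ordinary browsing: 60 visitors, each from a different /24
    reqs = [(f"172.16.{i}.10", "/products") for i in range(60)]
    # Launch page: 30 scattered visitors plus 90 hits from one /24
    reqs += [(f"172.16.{i}.10", "/launch/sneaker-drop") for i in range(30)]
    reqs += [(f"203.0.113.{i}", "/launch/sneaker-drop") for i in range(90)]
    # Low-volume page from one address: below min_hits, so not judged
    reqs += [("198.51.100.4", "/about")] * 5
    return reqs

if __name__ == "__main__":
    for path, (net, hits, total) in concentrated_sources(sample_requests()).items():
        print(f"{path}: {hits}/{total} requests from {net}")
```

A flagged path is a lead for investigation rather than a verdict: corporate NAT and mobile carrier gateways can also concentrate legitimate users behind one network.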
Monitor Traffic
Define your failed login attempt baseline on login pages, then monitor for anomalies or spikes. Set up alerts so you’re automatically notified if any occur. Advanced “low and slow” attacks don’t trigger user or session-level alerts, so be sure to set global thresholds. On checkout or gift card pages, a spike in failures or traffic may signal carding attacks or bot activity, such as GiftGhostBot attempting to steal balances.
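The sketch below shows why a global threshold is needed alongside per-source alerts. It is an added example, not code from the report; the 10-minute windows, the per-IP limit of 5, the mean-plus-three-standard-deviations baseline and all sample data are assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

PER_IP_LIMIT = 5   # assumed per-source alert threshold (failures per window)
SIGMA = 3          # assumed: global alert above mean + 3 standard deviations

def baseline(history):
    """Global threshold derived from failed-login counts of past normal windows."""
    return mean(history) + SIGMA * max(pstdev(history), 1.0)

def evaluate(events, history):
    """events: (window, source_ip, success) tuples, one per login attempt.
    Returns {window: {"failures", "per_ip_alerts", "global_alert"}}."""
    limit = baseline(history)
    by_window = defaultdict(Counter)
    for window, ip, success in events:
        if not success:
            by_window[window][ip] += 1
    report = {}
    for window, per_ip in sorted(by_window.items()):
        total = sum(per_ip.values())
        report[window] = {
            "failures": total,
            "per_ip_alerts": sorted(ip for ip, n in per_ip.items() if n > PER_IP_LIMIT),
            "global_alert": total > limit,
        }
    return report

# Constructed baseline: failed logins per 10-minute window on a normal day
HISTORY = [18, 22, 20, 25, 19, 21, 23, 20]

def sample_events():
    """Constructed login events (not real data) for three windows."""
    # Window 0: ordinary noise, 20 failures from 20 different addresses
    events = [(0, f"198.51.100.{i}", False) for i in range(20)]
    # Window 1: one noisy source, caught by the per-IP rule
    events += [(1, "203.0.113.7", False)] * 8
    events += [(1, f"198.51.100.{i}", False) for i in range(15)]
    # Window 2: "low and slow": 150 sources, 2 failures each
    events += [(2, f"192.0.2.{i}", False) for i in range(150) for _ in range(2)]
    events += [(2, "198.51.100.1", True)]
    return events

if __name__ == "__main__":
    for window, row in evaluate(sample_events(), HISTORY).items():
        print(window, row)
```

In window 2 no single source exceeds the per-IP limit, so only the global threshold raises an alert.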
Stay Informed
Staying alert to global data breaches is crucial, as attackers can easily buy leaked credentials or rent bots to launch automated attacks. Bots often use fresh credential dumps for stuffing attacks and account takeovers, increasing the chance of success. Being informed about such breaches helps you proactively strengthen defences and reduce your platform’s exposure to these threats.
Implement advanced bot detection with user behaviour analysis, profiling, and fingerprinting. Ensure solutions differentiate between legitimate and malicious bots while adapting to new threats.
By adopting these measures, organisations can mitigate AI-driven bot risks, safeguarding digital assets and maintaining customer trust. Such a nuanced approach also demands the expertise of a dedicated team capable of evolving defences at the pace of emerging threats.