November 16, 2023 at 11:45AM
Arkose Labs has analyzed bot attacks from January to September 2023 and found that 73% of internet traffic is comprised of Bad Bots and related fraud farm traffic. The top five categories of Bad Bot attacks are fake account creation, account takeovers, scraping, account management, and in-product abuse. The industries targeted the most are technology, gaming, social media, e-commerce, and financial services. The rise of artificial intelligence and crime-as-a-service will likely contribute to the increasing prevalence of Bad Bots. Detecting and mitigating Bad Bots is crucial to limiting their impact.
Here are the key takeaways from the meeting notes:
1. Arkose Labs has analyzed and reported on a significant number of bot attacks from January to September 2023, with the majority being malicious Bad Bots.
2. The top five categories of Bad Bot attacks are fake account creation, account takeovers, scraping, account management, and in-product abuse.
3. The biggest increases in attacks from Q2 to Q3 are SMS toll fraud, account management, and fake account creation.
4. The top five industries targeted by Bad Bots are technology, gaming, social media, e-commerce, and financial services.
5. Fraud farms, operated by humans, are utilized when bots fail in their purpose. These farms are primarily located in Brazil, India, Russia, Vietnam, and the Philippines.
6. The growth of Bad Bots is expected to continue due to the availability of artificial intelligence (gen-AI) and the increasing professionalism of the criminal underworld with crime-as-a-service (CaaS) offerings.
7. Intelligent bots employ machine learning and AI to mimic human behavior and bypass detection. They are used to exploit vulnerabilities in IoT devices, cloud services, and other emerging technologies.
8. Scraping bots, used to gather data and images from websites, have seen a significant increase, especially for scraping social media accounts. Scraping can facilitate mass production of compelling phishing attacks and target the travel and hospitality sectors.
9. Scraping falls into a legally murky area, as it may not be explicitly illegal but can be considered immoral if it violates a website’s terms of use.
10. Crime-as-a-service (CaaS) has made cybercrime more accessible to individuals who lack the necessary skills, enabling them to engage in criminal activities.
11. The profitability of Bad Bots for criminals, coupled with advancements in gen-AI and the growth of CaaS, implies that the problem will worsen.
12. The key solution lies in detecting and mitigating Bad Bots to limit their impact on individuals and systems. If it becomes unprofitable, the criminals are less likely to engage in these activities.