Report: $250M a Year – The Cost of Malicious Bot Traffic

With the rise of online work during the pandemic, malicious bots have become an increasingly costly threat for businesses.

“Last year, a particularly tough one for legitimate businesses already operating with razor-thin margins thanks to an economic slump, was a bumper year for those who use bots to leech off of those businesses — especially from bad actors who looked to take advantage of a significant shift to online working and retail,” Andy Still, CTO at Netacea, said.

The company surveyed 440 businesses across various industries in the United States and the UK, including the travel, entertainment, eCommerce, financial services, and telecoms sectors. Many of these enterprises had annual turnover ranging from $350m to over $7bn.

Two-thirds of the respondents said they had experienced a bot attack on their websites, and 48% said they had seen bots attack their apps.

The cost of dealing with an automated bot attack stands at 3.6% of their annual revenue, which is equivalent to around a quarter of a billion dollars annually for the worst cases.

The research showed that account checker bots are the biggest problem for most businesses.

“The biggest problem for most businesses is account checker bots that use breached passwords to take over accounts through the credential stuffing, though sniper bots, scalper bots, and scraper bots are not too far behind,” Netacea revealed.

It takes an average of 14 weeks for a business to learn about an attack. This means that hackers can carry on with cyber activities for months without anyone noticing their actions.

There are also four main types of automated bots that can perform various attacks against websites.

Account checker bots try to log in to a website using lists of leaked username and password pairs.

Scalper bots are used to quickly make many purchases of limited goods, such as event tickets.

Other bots include distributed denial-of-service (DDoS) bots (botnets), which can knock a website offline, and carding bots, which test stolen card details.

“While there is a greater awareness of the threat than in previous years, only 5% of security budgets are being used to target the problem. Businesses need to realize that bots are not a mere nuisance, but a genuine security threat—especially when a business is already struggling because of other factors,” Still said.

About the author

CIM Team