The rise of accessible AI tools has significantly lowered the barrier to entry for cyber attackers, allowing them to create and deploy malicious bots at scale. According to Thales, automated bot traffic has surpassed human-generated traffic for the first time in a decade, constituting 51% of all web traffic in 2024. This shift is attributed to the increasing use of AI and LLMs, which have made it easier to create and scale bots for malicious purposes.
As AI tools become more accessible, cybercriminals are taking advantage of these technologies to create and deploy malicious bots, which now account for 37% of all internet traffic. This represents a significant increase from 32% in 2023 and marks the sixth consecutive year of growth in bad bot activity. This poses security challenges for organizations striving to protect their digital assets.
The travel and retail sectors are particularly vulnerable to advanced bot attacks, with bad bots making up 41% and 59% of their traffic, respectively. In 2024, the travel industry became the most attacked sector, accounting for 27% of all bot attacks, up from 21% in 2023. A notable shift in 2024 is the decrease in advanced bot attacks targeting the travel industry (41%, down from 61% in 2023) and the increase in simple bot attacks (52%, up from 34%).
The emergence of advanced AI tools like ChatGPT, ByteSpider Bot, ClaudeBot, Google Gemini, Perplexity AI, and Cohere AI is transforming the landscape of cyber threats. These tools are not only changing user interactions but also the methods by which attackers execute cyber threats. ByteSpider Bot alone is responsible for 54% of all AI-enabled attacks, with other significant contributors including AppleBot at 26%, ClaudeBot at 13%, and ChatGPT User Bot at 6%.
Tim Chang, GM of Application Security at Thales, highlighted the serious implications of the surge in AI-driven bot creation for businesses worldwide. As automated traffic represents more than half of all web activity, organizations face increased risks from bad bots that are becoming more prolific each day. Attackers are becoming more adept at utilizing AI to execute various cyber threats, ranging from DDoS attacks to API violations.
Recent findings show a significant increase in API-directed attacks, with 44% of advanced bot traffic targeting APIs. These attacks aim to exploit vulnerabilities in API workflows, engaging in automated payment fraud, account hijacking, and data exfiltration. The deliberate strategy by cyber attackers to target API endpoints managing sensitive data poses significant challenges for industries that rely on APIs for critical operations.
The financial services sector, healthcare, and e-commerce industries are prime targets for malicious actors seeking to breach sensitive information through advanced bot attacks on API endpoints. These sectors rely on APIs for essential functions such as payment processing, supply chain management, and AI-driven analytics. As organizations embrace cloud-based services and microservices architectures, understanding the vulnerabilities inherent in APIs becomes crucial to mitigating the risk of fraud and data breaches.
Financial services are the most targeted industry for account takeover (ATO) attacks, accounting for 22% of all incidents, followed by telecoms and ISPs with 18%, and computing & IT with 17%. The high value of accounts and the sensitive nature of data in the financial sector make it an attractive target for cybercriminals looking to profit from selling personally identifiable information on the dark web. The growing use of APIs within the industry has expanded the attack surface, allowing for exploitation of vulnerabilities and facilitating account takeovers and data theft.