Russia and China dominate majority of bot attacks on large companies
Wed 20 Sep 2023
Netacea research has revealed that most bot attacks now come from Russia and China.
The financial impact is greater than ever, costing each company $85.6 million every single year. This is the equivalent of over fifty average ransomware payouts, or the 8th highest-ever GDPR fine.
The report, Death by a Billion Bots, surveyed 440 businesses with an average online revenue of $1.9 billion across the travel, entertainment, ecommerce, financial services and telecoms sectors in the US and UK.
Of those surveyed, 72% had suffered bot attacks originating in China and 66% from Russia. Overall, over half (53%) of all bot attacks came from these two countries, with Russian threats increasing by 82% in just the last two years.
“Economic coercion, in today’s age, doesn’t need to be the physical blockading of ports with gunboats. Instead, it can be the manipulation of markets, or the slow bleeding of wealth from organisations not aligned with the hostile actors’ objectives,” said Rob Black, Lecturer in Information Activities at Cranfield University.
The research found that the average business loses 4.3%, or $85.6 million, of online revenues every year due to the volume of attacks now being enabled by malicious automation. This is more than double the financial impact of these attacks in 2020, when the average cost was just $33.3 million per business.
Bot attacks take the average business four months to detect, and these long dwell times compound the business impact by giving sophisticated bots a lengthy opportunity to harvest value from companies. Almost every organisation (97%) reported that it takes over a month to respond to malicious automation.
“One explanation for the success of threat actors is that they are evolving their attacks, with API-based incidents now reported by 40% of businesses. Simultaneously, the targeting of mobile apps has also gained prominence—surpassing web-based attacks for the first time as attackers seek to exploit less fortified avenues. With more businesses using APIs and mobile apps, it presents a larger threat surface,” said Cyril Noel-Tagoe, Principal Security Researcher at Netacea.
Almost every company (99%) that admitted being attacked by bots also said they had noticed rising threat volumes over the previous year, with the top three attack types being Sniping, Credential Stuffing and Scraping.
Gift Card Fraud also emerged as a fast-rising attack type, with over a quarter of companies saying they had seen a significant increase in this threat.
“Big ransomware attacks and GDPR fines grab headlines, but what we’ve uncovered is more insidious, and far more costly to businesses—what we’ve called ‘death by a billion bots’.
“The cumulative effect of these attacks is wiping tens of millions of dollars in value from online businesses, not to mention the effect on their reputations and operations, yet this activity is low key enough to remain undetected for months. With the fastest growth seen in countries where there is little chance of law enforcement, businesses can only expect these attacks to increase in number,” said Andy Still, Co-Founder of Netacea.