Companies across industries are seeing more bot-driven attacks, both basic and advanced, according to DataDome.
An analysis of over 14,000 websites uncovered alarming gaps in protection against cyber fraud, particularly within consumer-centric industries.
E-commerce and luxury industries are prime targets for cybercriminals
More than 65% of websites are unprotected against simple bot attacks, and 95% of advanced bot attacks go undetected on websites.
Consumer-centric and digital native industries are prime targets for cybercriminals and have inadequate defenses against bad bots. This puts data security and the customer experience at risk, with severe consequences such as financial loss and reputational damage.
The analysis found that the luxury and e-commerce sectors are at the highest risk for online fraud. Researchers found that only 5% of luxury brand websites and 10% of e-commerce websites are fully protected against bad bots, posing a significant risk as the holiday shopping season approaches.
Additionally, only 6% of media websites have robust protection against bots, leaving 94% vulnerable to ad fraud, content scraping, and DDoS attacks. These findings reveal a strong correlation between the proliferation of bad internet traffic and the vulnerability of high-traffic websites. Bad bot creation, a relatively quick and cost-effective attack vector, has become a technique of choice for attackers looking to automate online fraud.
“Consumer-centric industries are highly vulnerable to malicious bot activity and face increased risks of financial loss, data breaches, and reputational damage. As our research reveals, the low barriers for creating and deploying bad bots have made them a favored tool for fraudsters seeking to exploit high-traffic websites. Needless to say, the need for robust, multi-layered bot protection has never been more urgent,” said Antoine Vastel, VP of Research, DataDome.
AI-powered bots evading detection
Over the last 12 months, the latest research shows that both basic and advanced bot-driven attacks have increased. The tools and techniques available to cybercriminals to perform these attacks have become more advanced, significantly outpacing traditional defenses.
Advanced bots, designed to bypass traditional CAPTCHAs by leveraging AI-powered “bot farms” to solve them in real-time, were detected by protection less than 5% of the time.
These sophisticated bots can impersonate users with a high accuracy rate and have been shown to spread disinformation online. In July 2024, the US Department of Justice dismantled a large-scale Russian propaganda campaign that used a “bot farm” to bypass one of X’s user verification methods and spread disinformation in the US with fake social media accounts. The use of advanced bots by political actors poses a significant threat as the US presidential election battle heats up.
Vastel continued, “We’re seeing a surge in genAI-augmented media, which can be used for nefarious political influence. Social media platforms and media websites are being targeted by bad actors looking to spread political disinformation. Given that this is an election year, we strongly advise media websites to reassess the risks associated with malicious web traffic.”
Advancements in automated browsers, anti-detection frameworks, proxy usage, and AI assistance have made it increasingly difficult for companies to defend against bot threats. Among tested domains using some form of bot protection, bots were still able to completely penetrate 45%. Fake Chrome bots remain the most difficult type of simple bot to detect, leaving businesses open to layer 7 DDoS attacks, account fraud, and more.
Regionally, Europe is the least protected against simple bot attacks, with 68% of websites unprotected and only 8% fully protected. North America follows closely behind, with 64% of websites unprotected and only 9% fully protected.