Russia and China Dominate Majority of Bot Attacks on Large Companies
MANCHESTER, UK & NEW YORK – September 19, 2023 — Netacea, the bot detection and response specialist, today announced results of a new report into the business impact of malicious automated attacks. The research reveals that most bot attacks now come from Russia and China and that the financial impact is greater than ever, costing each company $85.6m every single year: the equivalent of over fifty average ransomware payouts, or the 8th highest ever GDPR fine.
The report, Death by a Billion Bots: The Accumulating Business Cost of Malicious Automation, surveyed 440 businesses with an average online revenue of $1.9bn across the travel, entertainment, ecommerce, financial services and telecoms sectors in the US and the UK.
Of those surveyed, 72% had suffered attacks originating in China and 66% in Russia. Overall, over half (53%) of all bot attacks came from these two countries, with Russian threats increasing by 82% in just the last two years.
"Economic coercion, in today's age, doesn't need to be the physical blockading of ports with gunboats. Instead, it can be the manipulation of markets, or the slow bleeding of wealth from organizations not aligned with the hostile actors' objectives," said Rob Black, Lecturer in Information Activities at Cranfield University.
The research found that the average business loses 4.3%, or $85.6m, of online revenues every year due to the volume of attacks now being enabled by malicious automation. This is more than double their financial impact in 2020, when the average cost was just $33.3m per business.
Bot attacks take the average business four months to detect, and these long dwell times compound the business impact by giving sophisticated bots a lengthy opportunity to harvest value from companies. Almost every organization (97%) reported that it takes over a month to respond to malicious automation.
"One explanation for the success of threat actors is that they are evolving their attacks, with API-based incidents now reported by 40% of businesses," said Cyril Noel-Tagoe, Principal Security Researcher at Netacea. "Simultaneously, the targeting of mobile apps has also gained prominence—surpassing web-based attacks for the first time as attackers seek to exploit less fortified avenues. With more businesses using APIs and mobile apps, it presents a larger threat surface."
Almost every company, 99%, that admitted being attacked by bots also said they had noticed rising threat volumes over the previous year - with the top three attack types being Sniping, Credential Stuffing and Scraping. Gift Card Fraud also emerged as a fast-rising attack type, with over ¼ of companies saying they had seen a significant increase in this threat.
"Big ransomware attacks and GDPR fines grab headlines, but what we've uncovered is more insidious, and far more costly to businesses—what we've called 'death by a billion bots'," said Andy Still, Co-Founder of Netacea. "The cumulative effect of these attacks is wiping tens of millions of dollars in value from online businesses, not to mention the effect on their reputations and operations, yet this activity is low key enough to remain undetected for months. With the fastest growth seen in countries where there is little chance of law enforcement, businesses can only expect these attacks to increase in number."
The full report can be downloaded here
About Netacea
Netacea prevents sophisticated, high-volume, bot attacks that drain value from online businesses. Situated on the far edge of technical infrastructure, the platform combines unrivalled visibility of all traffic across APIs, applications and websites with evolved detection, response and threat intelligence capabilities. The result is more effective automated protection for highly trafficked businesses.
For more information, please contact:
CCgroup for Netacea
Katie Wilson / Matthew Denby (UK)
T: 07342 034 262
Beth Fichtel (US)
T: +1 914.588.2695
E: netacea@ccgrouppr.com