According to a new analysis, over a third of Australia’s internet traffic is generated by automated bots, which are used for a variety of purposes including data scraping, training generative AI platforms, and scalping concert tickets and premium airline seats.
The latest annual Bad Bot Report from security firm Imperva reveals that these bots are increasingly designed to imitate legitimate human users.
Analyzing over 6 trillion blocked and anonymised bad bot requests, the report highlights a surge of automated agents exploiting applications’ intended functionalities rather than their technical vulnerabilities.
Bad bots are facilitating high-speed abuse and attacks across websites, mobile apps, and APIs.
They are capable of scraping vast amounts of data, harvesting personal and financial information, conducting brute-force attacks, executing denial-of-service attacks, and engaging in digital ad fraud, which has been estimated to cost around $150 billion globally.
While simpler bots primarily focus on scraping data for resale, advanced bots combine various capabilities, including the ability to bypass CAPTCHA challenges.
These advanced bots are often targeting high-value sectors like law, government, entertainment, financial services, and travel, while simpler bots tend to harvest personal data from people-centric industries such as healthcare and education.
“Highly opportunistic” bots have been observed overwhelming ticket booking, driver license testing, and restaurant reservation systems to capitalize on scarce resources and then resell them on third-party platforms,”
Notably, 44.8% of the bots attempted to disguise themselves as mobile web browsers, a tactic gaining popularity, with many routing traffic through residential ISPs to appear as regular users.
Imperva points out that these bot operators exploit situations of high demand and low supply, making it nearly impossible for genuine customers to secure desired goods and services.
Despite Australia’s smaller population, it accounted for 8.4% of all observed bot traffic, ranking behind the US (47%) but on par with the Netherlands (9%) and almost double the UK (5.1%).
Currently, bad bots generate 30.2% of all data traversing the internet in Australia, with good bots contributing an additional 6.1%. This proportion is comparable to the total traffic generated by Google last year.
In contrast, New Zealand shows a more balanced scenario, with only 19% of traffic attributed to bad bots. The surge in bot activity has also led to significant legal challenges, particularly concerning the data collection needed to train sophisticated generative AI models.
Much of the data being scraped is copyrighted, raising questions about the legality of such practices. Imperva notes that the claims of ‘fair use’ for scraping are contentious, setting the stage for legal disputes with major publishers like The New York Times.
As AI technology continues to evolve, the need for clear legal guidelines balancing data access with copyright and privacy rights has never been more critical.
