💡
Bots now generate over 51% of global internet traffic, with 37% classified as malicious.
Attacks are rising across industries, especially travel, retail, education, and financial services, driven by easier access to AI-powered automation.
These bots cause revenue loss, inventory distortion, account fraud, and degraded user experience, making precise traffic analysis and intelligent bot detection essential.
According to the 2025 Imperva Bad Bot Report published by the global technology and security leader Thales, we take a closer look at the current state of global bot traffic and the distinct patterns emerging across industries.
Now in its twelfth edition, the report captures how recent advances in AI and the widespread adoption of APIs are transforming the bot ecosystem. The rapid growth of AI technologies and accessible automation tools has significantly lowered the barrier for bot-driven attacks, fueling an explosive rise in malicious bot activity across web, mobile, and API channels.
Bot traffic is no longer an isolated issue limited to certain sectors. In today’s digital landscape, it has become a universal threat affecting organizations worldwide
2024 marked the first year in which bot-driven macro traffic surpassed human-generated traffic. Research shows that automated traffic accounted for 51% of all internet activity, overtaking human users at 49%. Of this, legitimate bots such as search crawlers represented only 14%, while malicious bots accounted for 37%. Malicious bot activity has now increased for six consecutive years.
Breaking malicious bots down by type, two major patterns emerge. More advanced bots—those that mimic human behavior, bypass security flows, and directly call APIs for actions like payments or logins—make up 55% (Moderate + Advanced Bots). In contrast, simple bots, which rely on basic repeated requests and low-skill automation tools, account for 45%.
The growth of simple bots reflects how generative AI has made it easier than ever to create automated attack tools. As a result, not only skilled threat actors but also novice attackers are now entering the landscape in large numbers.
More than half of all bot-driven attacks worldwide are concentrated in the United States, accounting for approximately 53%. The U.S. is followed by the United Kingdom (31%), with Canada, France, and Brazil also experiencing a significant volume of bot activity.
Within the APAC region, Hong Kong and Indonesia each recorded 24% of attacks, making them the most targeted locations. The data shows a clear pattern: economies with large digital footprints and a strong reliance on financial services tend to attract higher volumes of bot traffic. Markets like South Korea, where API-driven services are prevalent, are equally exposed to bot attacks.
The travel industry faces the highest volume of bot attacks, accounting for 27% of all incidents. Between 2022 and 2024, bot activity targeting this sector surged by 280%.
Beyond basic automated attacks, more sophisticated business-logic threats have become widespread, including seat spinning (holding inventory in the cart up to the point of payment), ticket scalping (purchasing airline tickets to resell to third parties), and fare scraping (competitors collecting real-time pricing data).
These tactics distort key metrics such as Look-to-Book ratios (the number of searches compared to actual bookings), disrupting demand forecasting, pricing decisions, and overall revenue management systems.
This sector is a prime target for bot-driven macro attacks, especially those aimed at high-value items, limited-edition goods, and seasonal merchandise. While attacks were once concentrated around major shopping events such as Black Friday, by 2024 they had shifted to a year-round pattern, no longer waiting for specific peak seasons.
With advanced bots accounting for 59% of all activity, the attack landscape has become increasingly sophisticated. Similar to the travel industry, attackers frequently occupy shopping carts, scrape pricing information, and automate high-frequency purchase attempts, creating significant disruption across e-commerce operations.
In the education sector, online course registration systems, assignment platforms, and exam portals have become common targets. Notably, basic bots account for an overwhelming 92% of all activity. This suggests that students and general users may be leveraging easily accessible automation tools, such as chatbots, to generate and execute bot attacks with minimal effort.
The financial industry is an especially attractive target for attackers, given the sensitivity and value of personal data, payment information, and account details. Above all, Account Takeover (ATO) attacks occur at a notably high frequency. In 2024, ATO incidents within the financial sector increased by 40 percent year over year, accounting for 22% of all ATO activity, the highest share among all industries.
As banks, card issuers, and fintech companies continue to expand their services through APIs, the volume and sophistication of attacks are expected to grow even further.
Malicious bot activity has moved far beyond a simple traffic management issue. It now represents a multifaceted business risk that directly affects revenue, operations, security, and customer experience.
Type | Description |
|---|---|
Direct Impact |
|
Indirect Impact |
|
The rise of malicious bots attacks has become a fundamental threat to service quality, revenue, customer experience, operational costs, and overall brand trust.
As API-driven services, demand-based pricing models, and limited online releases continue to expand, the impact of malicious bots is expected to grow exponentially.
To maintain stable services, ensure a fair environment, and achieve strong business performance, companies must prioritize accurate traffic analysis, intelligent detection, and comprehensive API protection strategies.
[References]
2025 Bad Bot Report – Imperva, Thales (Link)
Thales Releases 2025 Imperva Bad Bot Report: AI-Driven Bot Traffic Surges – Korea Economic Daily, May 13, 2025 (Link)
You can explore STCLab’s suite of solutions for the most effective approach to controlling traffic quality, isolating malicious bots and macro attacks, and protecting your APIs and critical business logic.
#. NetFUNNEL - Virtual Waiting Room : Large-scale traffic control, resource overload prevention, and user-friendly waiting messages
#. BotManager : Multi-layer detection and blocking of abnormal and automated malicious bot traffic using Browser, Server, and CDN agents
STCLab Inc.