DataDome: 95% of Advanced Bots Go Unnoticed on Websites

DataDome today released its 2024 Global Bot Security Report, revealing that more than 65% of websites are unprotected against simple bot attacks, while 95% of advanced bot attacks remain undetected on websites. DataDome Advanced Threat Research’s (DDATR) extensive analysis of more than 14,000 websites reveals alarming gaps in cyber fraud protection, particularly in consumer-facing industries.

E-commerce and luxury goods industries most vulnerable to online fraud

Consumer-centric and digital native industries are prime targets for cybercriminals and have inadequate protections against malicious bots. This puts data security and customer experience at risk, with serious consequences such as financial loss and reputational damage.

The analysis found that the luxury and e-commerce sectors are most vulnerable to online fraud. DataDome Advanced Threat Research found that only 5% of luxury brand websites and 10% of e-commerce websites are fully protected from bad bots, posing a significant risk as the holiday shopping season approaches.

In addition, only 6% of media sites have robust bot protection, leaving 94% vulnerable to ad fraud, content scraping, and DDoS attacks. These results reveal a strong correlation between the spread of bad web traffic and the vulnerability of high-traffic sites. Creating bad bots, a relatively quick and inexpensive attack vector, has become the technique of choice for attackers looking to automate online fraud.

“Consumer-facing industries are highly susceptible to malicious bot activity and are at increased risk of financial loss, data breaches, and reputational damage. As our research shows, the low barriers to creating and deploying bad bots have made them a favorite tool for fraudsters looking to exploit high-traffic sites. Needless to say, the need for robust, multi-layered bot protection has never been more urgent,” said Antoine Vastel, Vice President of Research at DataDome.

Advanced AI bots that avoid detection

Over the past 12 months, recent research shows that both basic and advanced bot-based attacks have increased. The tools and techniques available to cybercriminals to carry out these attacks have become more advanced, far outpacing traditional defenses.

Advanced bots designed to bypass traditional CAPTCHAs by using AI-powered “bot farms” to solve them in real time were detected by security less than 5% of the time.

These advanced bots can impersonate users with great accuracy and have been shown to spread disinformation online. In July 2024, the U.S. Department of Justice took down a large-scale Russian propaganda campaign that used a “bot farm” to bypass one of X’s user verification methods and spread disinformation in the U.S. via fake social media accounts. The use of advanced bots by political actors poses a significant risk as the battle for the U.S. presidential election intensifies.

Vastel continued: “We are seeing an increase in genAI-powered media that can be used for nefarious political influence. Social media platforms and media sites are being targeted by bad actors looking to spread political disinformation. Given that this is an election year, we strongly advise media sites to reconsider the risks associated with malicious web traffic.”

Advances in automated browsers, anti-detection frameworks, proxy server usage, and AI assistance have made it increasingly difficult for businesses to defend against bot threats. Among domains tested that used some form of bot protection, bots were able to completely penetrate up to 45%. Fake Chrome bots remain the most difficult type of simple bot to detect, leaving businesses open to Layer 7 DDoS attacks, account fraud, and more.

Europe and North America are the least prepared to combat the growing wave of bot attacks

Regionally, Europe is the least protected against simple bot attacks, with 68% of websites unsecured and only 8% fully protected. North America is close behind, with 64% of websites unsecured and only 9% fully protected.

DataDome Advanced Threat Research is on a mission to advance the state of cyber fraud prevention through rigorous research and analysis of emerging threat vectors. For the full set of findings and insights from the DataDome Global Bot Security Report 2024, click here. Follow DataDome on YouTube, Reddit, and LinkedIn for regular updates on threat research, customer case studies, and to ensure your bot defenses are ready for the most sophisticated attacks.