Danabot activity was up even more, by +52%.

Global Financial Services firms saw an 18% uplift in automated bot attacks.

There was a 15% decrease in global bot attacks in 2024.

In the Retail sector, bad bots made up 59% of their traffic.

Financial services, healthcare, and e-commerce are the most affected sectors by sophisticated bot attacks targeting APIs

In the Travel sector, bad bots made up 41% of their traffic in 2024. There was a decline in advanced bot attacks targeting the travel industry (41% in 2024, down from 61% in 2023) and a sharp increase in simple bot attacks (52% in 2024, up from 34% in 2023).

44% of advanced bot traffic targeted APIs.

Automated traffic surpassed human activity, accounting for 51% of all web traffic. This is the first time in a decade that automated traffic has exceeded human activity. This occurred in 2024.

59% of human traffic is clean from leaked credentials against 41% with leaked passwords.

Only 5% of leaked password login attempts result in access being denied. 90% of these denied requests are bot-driven. The remaining 19% of login attempts fall under other outcomes, such as timeouts or users who changed their passwords

When including bot-driven traffic, 52% of all detected authentication requests contain leaked passwords.

95% of login attempts involving leaked passwords are coming from bots.