Traffic from “bad bots”—those created with malicious intent—first surpassed good bot traffic in 2016, Imperva’s research said, and it’s been getting worse. Bad bots comprised 37% of internet traffic in 2024, up from 32% the year prior. Good bots accounted for just 14% of the internet’s traffic.
Bad bots do all kinds of unpleasant things. An increasing number try to hijack peoples’ online accounts, which they often do by “credential stuffing.” This is where a bot takes a password and email address that has been stolen and leaked online, and then tries those credentials across a myriad of services in the hope that its owner will have reused the password elsewhere. These account takeover attacks have skyrocketed lately. Other attacks include scraping data from websites, which is a problem for businesses that don’t want their intellectual property stolen, and also for the individuals who own that data.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Hacker stole £700,000 from UK energy company by redirecting payment
April 9, 2026
British oil and gas company Zephyr Energy says someone stole £700,000 (close to $1 million) from one of its U.S.-based subsidiaries by redirecting a payment meant for a contractor into a hacker-controlled account. In a regulatory filing with the London Stock Exchange on Thursday, the company said it is “working with the corresponding banks and ...
- What Project Glasswing Means for Security Leaders
April 9, 2026
Anthropic’s Project Glasswing matters because it offers an early look at how quickly software flaws may soon be found, validated, and potentially turned into viable attack paths, even if that capability is currently limited to a closed partner program. Anthropic says its restricted Claude Mythos Preview model has already identified thousands of high-severity vulnerabilities, including flaws ...
- Fake Windows support website delivers password-stealing malware
April 9, 2026
A fake Microsoft support website is tricking people into downloading what looks like a normal Windows update. Instead, it installs malware designed to steal passwords, payment details, and account access. Because the file looks legitimate and avoids detection, it can slip past both users and security tools. Malwarebytes Labs researchers spotted the campaign at microsoft-updatesupport, a ...
- Hackers steal and leak sensitive LAPD police documents
April 8, 2026
Cybercriminals have allegedly stolen a large amount of sensitive internal documents from the Los Angeles Police Department and leaked the data online. The stolen data included police officer personnel files, internal affairs investigations, and discovery documents that can include unredacted criminal complaints and personal information, such as witness names and medical data, according to the Los ...
- Russian hacking group targets home and small office routers to spy on users
April 8, 2026
British security officials found that a group linked to the Russian military is spying on users of compromised Small Office/Home Office (SOHO) routers in a broad cyber espionage campaign. A Microsoft blog goes into the technical details of these attacks. The group, which researchers will refer to as APT28, but is also known under names like ...
- Hack-for-hire group caught targeting Android devices and iCloud backups
April 8, 2026
Security researchers say they have identified a hack-for-hire group targeting journalists, activists, and government officials across the Middle East and North Africa. The hackers used phishing attacks to access targets’ iCloud backups and messaging accounts on Signal, and deployed Android spyware capable of taking over the targets’ devices. This hacking campaign highlights a growing trend of ...