Threat intelligence

This article is based on the Imperva 2025 Malicious Robots Report, which reveals three core trends:
The New Normal of Automated Traffic: Automated traffic surpassed human traffic for the first time in 2024, accounting for 511 TP3T, of which 371 TP3T were malicious bots, and growing for six consecutive years, marking a structural change in Internet interaction patterns and a new stage in enterprise security challenges.
AI-enabled attack evolution: the proliferation of Artificial Intelligence (AI) and Large Language Models (LLMs) has significantly lowered the attack threshold, fueling the scale and sophistication of malicious automated attacks. ai is not only used to generate bots, but it also drives them to analyze, learn, and optimize escape techniques, spawning advanced bots that are more evasive, and leading to an increase in business logic attacks.
APIs Become New Focus of Attacks: With the popularity of microservices and mobile apps, APIs have become a prime target for malicious bots due to their concentrated value, relatively weak defenses, and ease of automation.44% of advanced bot traffic was directed to APIs, and the financial services and telecom industries were the most severely attacked, with data scraping, payment fraud, and account takeover being the main attack tactics.
In addition, the article analyzes in detail the resurgence of account takeover (ATO) attacks, noting their year-over-year growth of 40% in 2024, and explores the drivers of the surge in ATO attacks, the most impacted industries, and the regulatory penalties they may face. Finally, the paper proposes a multi-layered, adaptive defense-in-depth strategy, including going beyond traditional WAFs, strengthening API security, countering ATOs, building a unified security view, and continuous monitoring and threat intelligence, which is designed to help enterprises effectively counter the increasingly intelligent and scaled threat of malicious bots and protect digital assets and business continuity.

More than 60 zero-day vulnerabilities (0day) that have been made public since 2016 are associated with commercial spyware vendors for government agencies, and vulnerabilities exist in products from a number of companies, including Apple, Adobe, Google, and others, where they have been used for attack purposes including targeting journalists and political dissidents. The report notes that a large number of vulnerabilities are actively exploited in 2023.

As cybersecurity threats increase, so does the need for threat intelligence among enterprises. However, according to ESG's latest survey, 98% companies plan to increase threat intelligence spending in 2024, but they also face a series of challenges. These challenges include threats...