Less Than 5% of Advanced Bots Blocked: Insights from the 2024 Global Bot Security Report

Results are in for the 2024 DataDome Global Bot Security Report! Across 14,000 worldwide websites spanning 18 industries, nearly 2 in 3 businesses were completely unprotected against basic bots.

How well are different types of bots stopped?

Our BotTester tool, which was used to gather the data for the report, tests three different simple bots and one type of advanced bot. For our purposes, advanced bots were only tested on cart and login endpoints, rather than home pages.

Each vector is also split into three different geolocations—the US, Canada, or France—using proxies. When looking at all of the data, we found:

1. Fake Googlebots were detected more than other bots. Still, almost 3 in 4 of these bots were not detected or blocked, leaving sites exposed to threats like content spamming, click fraud, and vulnerability scanning.
2. The grand majority (83%) of Curl command bots went undetected. Curl bots are very simple, often used for data mining and scraping. However, websites that cannot detect them—like over 75% of domains we tested—are also vulnerable to fake account creation and denial of inventory attacks.
3. The most successful basic bots were the fake Chrome bots. These bots use the same headers as real Chrome browsers and make requests via residential proxies. Only 15.82% of fake Chrome bots were detected—leaving businesses at risk for layer 7 DDoS attacks, account takeover fraud, and other automated threats.
4. Advanced bots were detected less than 5% of the time. These were a form of anti-fingerprinting headless browsers, a new tool readily available to bot developers that makes detection much more challenging. This left over 95% of businesses at risk for advanced threats—account takeover, payment fraud, click fraud, etc.

My business isn’t fully protected—what next?

Every business should take immediate action to protect against simple and sophisticated threats—but especially those who find vulnerabilities with the BotTester tool. Some quick recommendations are:

1. Test for Vulnerabilities: Identify and improve weak points in your security before a cybercriminal finds them.
2. Monitor Your Traffic: Understand the threats your business is facing to choose the best tool for the job.
3. Vet Bot Protection Vendors: Research different tools and test vendors to find the best protection for your business.

Gain Better Insights to Safeguard Your Business

The Global Bot Security Report goes into detail about the threats facing businesses around the world, and who’s most at risk. Read it to gain insights into the state of bot attack preparedness and learn how to protect your business.

DataDome already protects businesses against every single attack vector mentioned in the report. How does your protection hold up?