Bad bots outpace humans in Singapore’s internet traffic
Automated bot activity hit 51% in 2024.
For the first time in a decade, automated bots surpassed human users in global internet traffic, accounting for 51% of online activity in 2024. In Singapore, the situation mirrored this global trend, with malicious bot traffic surging to 51%, according to Thales’ 2025 Imperva Bad Bot Report.
Daniel Toh, Chief Solution Architect APJ at Thales, attributed this spike to the accessibility of artificial intelligence tools and large language models. “Cyber criminals are increasingly leveraging all these different new technologies and new techniques to create and deploy more and more malicious bots,” he said.
Vladimir Yordanov, Senior Director of Solution Engineering at Gigamon, pointed to the expanding digital attack surface. “Vulnerable APIs and bot attacks are costing businesses up to $186 billion annually,” he said. He also cited the proliferation of IoT devices and mobile apps as major risk factors, with 54% of organisations globally facing weekly cyberattacks on IoT devices in 2023.
Yordanov listed credential scraping, web scraping, DDoS, ad fraud, spam, phishing, vulnerability scanning, and scalping as common techniques. Bots can mimic human behavior to drain marketing budgets or hoard inventory like concert tickets.
Toh noted that 33% of advanced bots in Singapore now target APIs. “These attacks are not just limited to overwhelming the devices or APIs,” he said. “We see workflows being targeted around automated payment fraud, account hijacking, data exfiltration.”
To combat this, Toh emphasised good cybersecurity hygiene such as multi-factor authentication and using AI-driven tools to automate threat reduction. “Try not to play all our cards at the same time,” he advised, suggesting businesses reserve advanced controls for high-value campaigns.
He also pointed to Singapore’s national response: “In 2023, there was a scam analytics and tactical intervention system called the SARTS… designed to fight bot-driven scams, phishing and malware.”
Yordanov added that businesses should adopt zero trust architecture, strengthen API defenses, and regularly patch systems. He also stressed the importance of digital awareness. “If it doesn’t need to be connected, don’t connect it… those risks, if they could be exploited, will be exploited at one point,” he warned.
Commentary
Singapore’s AI ambition has an intelligence problem
Singapore is deploying AI at speed – and security risks are catching up
Precious metal boom is a stress test for Singapore’s gold ambitions
Singapore’s global dispute fault lines
‘Tokenmaxxing’ – The wrong AI race to run in Singapore
To outsmart modern fraud, we must first know the enemy
Why Singapore SMEs cannot wait for quantum cyber risk to arrive before securing data