Fastly Research: Commerce Industry Attacks Double as Bots Represent More Than One-Third of All Traffic
Identifying wanted and unwanted bot traffic is crucial for businesses. Unwanted bot traffic, including malicious bot traffic, can conduct account takeovers, ad fraud or data theft. Conversely, search engine crawlers, which accounted for
“As bots make up a growing portion of internet traffic, the ability to tell the difference between useful and unwanted automation is becoming more important,” said Simran Khalsa, Staff Security Researcher at Fastly. “If you’re not actively managing bot traffic you could be spending on infrastructure, bandwidth, or performance that is effectively being wasted on serving malicious or non-productive traffic.”
Fastly’s quarterly threat insights report draws from 6.5 trillion monthly requests1 across Fastly’s Next-Gen WAF, Bot Management, and DDoS Protection solutions, which collectively help secure over 130,000 apps and APIs2 across a wide range of industries, including leading e-commerce, streaming, media and entertainment, financial services, and technology companies.
Key Q1 2025 findings include:
-
Attacks on the commerce industry doubled, rising to
31% of all observed attacks in Q1 2025 from15% of all observed attacks in Q1 2024 -
37% of all observed traffic originated from bots, with89% of bot traffic classified as unwanted -
Commerce websites attracted the largest proportion of unwanted bot traffic at
39% -
High technology organizations were the most targeted industry overall, representing
35% of observed attacks - Attempted logins using compromised passwords averaged over 1.3 million per day in March 2025, driven in part by the use of proxy services to automate activities
Security teams can reference the insights in this report to help harden their defenses, prioritize resources, and respond more effectively to common threats. From bot management to application-layer DDoS to compromised credentials, the Q1 report provides actionable guidance grounded in real-world telemetry.
To access the Fastly Q1 2025 Threat Insights Report, visit https://learn.fastly.com/security-threat-insights-report.
About Fastly, Inc.
Fastly’s powerful and programmable edge cloud platform helps the world’s top brands deliver online experiences that are fast, safe, and engaging through edge compute, delivery, security, and observability offerings that improve site performance, enhance security, and empower innovation at global scale. Compared to other providers, Fastly’s powerful, high-performance, and modern platform architecture empowers developers to deliver secure websites and apps with rapid time-to-market and demonstrated, industry-leading cost savings. Organizations around the world trust Fastly to help them upgrade the internet experience, including Reddit, Neiman Marcus, Universal Music Group, and SeatGeek.
Learn more about Fastly at https://www.fastly.com, and follow us @fastly.
1 Trailing six-month average as of April 22, 2025.
2 As of April 22, 2025.
Source: Fastly, Inc.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250603998261/en/
Media Contact
Spring Harris
press@fastly.com
Investor Contact
Vernon Essi, Jr.
ir@fastly.com
Source: Fastly, Inc.
