Australia’s Growing Bot Threat Revealed


  • First-of-its-kind report shows 90% of credential abuse attacks* sent from within Australia
  • 90% of Australia’s top 250** websites can’t differentiate between customers & bots
  • Economic cost of bot attacks estimated at $2,000,000 per breach^

Kasada has debuted Bots Down Under – An Australian Market Threat Report revealing 90% of the nation’s credential abuse attacks* are delivered from within Australia via local ISP networks.

The report analysed two specific actionable issues for businesses. Bot geography, with Kasada deciphering how credential abuse attacks are delivered to companies through customer data – and, bot visibility, which saw the company investigate whether Australia’s top websites** can differentiate between browsers (real humans) and bots.

The study found a growing number of internationally-based cybercriminals are routing attacks via homegrown networks, debunking the ‘Island Australia’ theory that geo-blocking guards against attacks.

Furthermore, it was revealed that 90% of the country’s top websites were unable to differentiate a customer from a bot on login pages, which leaves bots free to attack, consume bandwidth, spike server costs and slow page loading.

Kasada CEO Sam Crowther said: “Bots Down Under is designed to educate Aussie businesses on the local threat landscape distinct to Australia. Attacks, particularly credential abuse, have the capacity to comprise everything from a customer’s personal information to business, and even national, security.”

“As many aspects of our lives are global – and much of our information now lives online – this shift places tremendous emphasis on businesses to protect and defend against potential threats,” said Crowther.

The economic impact of bot attacks on businesses is well documented – a cost equating to an average of $2 million across time, compensation and customer churn^. In 2018, credential abuse attacks represented the third-largest source of reported data breaches^^ – which are not only damaging to any company’s reputation, but they impact customers and business operations long after the attack has taken place.

Not only damaging to a company’s reputation, data breaches impact customers and business operation long after the attack has taken place.

“Cyber security is everyone’s business,” said AustCyber’s CEO Michelle Price. “This report highlights the reasons why all Australian organisations need to become cyber resilient. Kasada is a great example of a home-grown company offering highly adaptable solutions that provides an uplift to cyber security and quickly builds a picture of actionable information that companies can implement. AustCyber is proud to partner with Kasada to expand and grow their business in Australia and internationally.”

Kasada has been leading the fight against bots since 2015 and is trusted to protect the websites of leading Australian organisations, including ASX 100 companies. For more information on Kasada visit or phone 1300 768 601.

The report is available here:

* Credential abuse is the use of stolen passwords to exploit a customer’s data
** Top 250 websites via Alexa ranking
^ Cost of a Data Breach Study, Ponemon, 2018
^^OAIC, December 2018

About the research:
Kasada’s Bots Down Under – An Australian Market Threat Report focuses on two specific, actionable issues for Australian businesses: bot visibility and bot geography.

Conducted using three different bot automation tools simulating a common credential abuse attack, the report allows Kasada to determine whether a website could prevent a mock bot attack. At no stage did Kasada use a malicious tool or send any malicious requests. The study was followed by an analysis of Kasada data from more than 100 credential abuse attacks to identify how the attacks are delivered.