E-commerce Portals Are Attacked With Distributed Multi-stage Scraping Attacks: Radware Bot Manager Research

The hyper-competitive e-commerce industry is known for devising ingenious ways to win business wars. One of such techniques is scraping of product categories, details, and pricing information. To dig deeper into it, our research team conducted a study on a popular e-commerce portal. Download the ebook

The study revealed some insightful yet surprising results. Let’s take a brief look at it:

• Scrapers plan attacks in various stages to exploit the vulnerabilities of existing systems such as WAFs, Intrusion Detection Systems/Intrusion Prevention Systems (IPS/IDS), and other in-house measures that lack the historical look-back, deep learning capabilities, and the ability to sniff automated behavior in syntactically-correct HTTP requests.
• Attackers use an exploit kit that comprises a combination of tools (such as proxy IPs, multiple UAs, programmatic/sequential requests) to evade detection and perform large-scale and sophisticated scraping attacks. Websites are then hit by bots from tens of thousands of new IPs that are used once, and never again. For instance, in the case that we examined, attackers scraped product information and pricing details of 651,999 products from 11,795 categories using a combination of exploit tools and fake user accounts.
• The ebook underlines that organized and sophisticated scraping attacks are fueled by the growing demand for data, pricing information, and market intelligence as many e-commerce firms either employ an in-house team or leverage the expertise of professional web scrapers to pull ahead of competitors.

The ebook also recommends an action plan for E-commerce players to combat scraping attacks.To download a copy of the ebook,
click here