The E-commerce industry is growing fast. In a matter of seconds, lucrative shopping deals are being availed, and transactions are done. If an organization’s IT infrastructure is not up to the task of protecting applications that enable easy shopping, sophisticated automated attacks can happen in the blink of an eye.
The sophistication level of bad bots is increasing across the industries. Their ability to mimic human behavior and be distributed over thousands of IPs is a major cause of concern to e-commerce firms and their applications. For example, 56% of bad bots on e-commerce firms were of fourth-generation during Q1 – Q3, 2019. The fourth-generation bad bots are not only capable of mimicking human behavior, but they can also be distributed over thousands of IPs and can be daisy-chained to perform sophisticated automated attacks.
To better understand the threats that e-commerce firms are facing bad bots, Radware commissioned research to study the traffic of e-commerce firms monitored by it from across the globe. The goal of this research was to understand the different types of attacks that e-commerce firms are facing and bad bots’ behavior during big shopping days, such as Black Friday and Cyber Monday. The article answers the following questions in detail:
- How bad bots targeted e-commerce firms during Black Friday and Cyber Monday
- What are the most targeted industries by bad bots
- What types of bots target e-commerce businesses
- What are four major threats to e-commerce firms from bad bots
Black Friday and Cyber Monday 2019
- On Black Friday, 38.6% of traffic was bad bots on e-commerce firms.
- On Cyber Monday, 42.5% of traffic was bad bots on e-commerce firms.
- These bots were observed performing account takeover, denial of inventory, and content scraping attacks, among others.
Account Takeover Attacks
- Nearly two-thirds of the traffic on the login pages were bots during Black Friday and Cyber Monday. These bots were observed performing account takeover attacks during the shopping days.
- Only one-third of the traffic was human on e-commerce sites during Black Friday and Cyber Monday this year
- Most of these bots were AuthBots and were distributed over thousands of IPs.
Denial of Inventory Attacks
- Nearly 90% of the traffic on cart pages of e-commerce sites during Cyber Monday was bots on a significant number of e-commerce sites monitored by us.
- On Black Friday, nearly two-thirds of the traffic was bots.
- This was the reason behind the higher cart abandonment rate on this year’s Black Friday and Cyber Monday.
Content Scraping Attacks
- 40.1% of the traffic of category pages and 45.3% of the traffic on product pages was bots during Black Friday.
- 41.8% of the traffic of category pages and 40.2% of the traffic on product pages was bots during Cyber Monday 2019.
- These bad bots attempted to perform scraping of product listing and details from category and product pages of e-commerce firms.
Most Targeted Industries by Bad Bots
- With 26.4% of the traffic as bad bots, the e-commerce industry was the most targeted in the first three quarters of 2019, followed by real estate, online marketplaces and classifieds, and digital publishers.
Types of Bots on E-commerce Businesses
- 56% of bots on e-commerce firms were of the fourth generation.
- Fourth-generation bots can be distributed over thousands of IPs based in different geographical locations and can masquerade as human users.
- Detecting fourth-generation bad bots requires advanced technologies including intent analysis so that you can analyze a visitors intent and don’t end up blocking genuine users.
Top Four Attacks on E-commerce Firms from Bad Bots
- Account takeover, denial of inventory, content scraping, and carding are top four attacks on e-commerce firms
- Login pages are the most targeted pages of e-commerce firms to take over user accounts or create fake accounts.
- Cart abandonment by bots is another threat that e-commerce businesses are facing from bots.
All large e-commerce platforms have sophisticated bot activity on their website, mobile apps, and APIs that can expose them to account takeover, scraping, denial of inventory, and loss of Gross Merchandise Value (GMV). E-tailers must be diligent in their approach to deal with sophisticated bad bots as attacks such as one on Black Friday and Cyber Monday can happen during the Christmas holidays as well.
Learn more about AuthBots in the E-commerce Industry Automated Threat Landscape report, download now
Note: A version of this article first appeared in Mobile Marketing Magazine.