Security by Sector: Bad Bots Targeting the E-Commerce Industry

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?

The e-commerce industry has pretty much exploded in recent years, transforming the buying and selling market into a fast-paced, global and almost boundary-less cog in the modern economic landscape. It has been estimated that the value of global e-commerce sales will reach over $43tn this year, with some 12 to 24 million e-commerce sites believed to exist in the world.

However, as has always been all-too-evident, cyber-criminals and online fraudsters are exploiters of the popular and the profitable, and recent research from Imperva has shone a light on the impact of ‘bad bots’ targeting the booming e-commerce industry.

Imperva’s report discovered that the sophistication level of bots attacking e-commerce sites is on the rise, with nearly four-fifths (79.2%) classified as moderate or sophisticated, up from 75.8% in 2018.

The firm analyzed 16.4 billion requests from 231 domains during the month of July 2019, finding that e-commerce traffic consists of more bad bots (17.7%) than good bots (13.1%), and that bad bots are also getting harder to detect.

“E-commerce companies are in a continuous and varied war against bad bots. There are consistent business problems created that are caused by the continual barrage of bots,” Imperva’s report read.

These nefarious activities not only damage the customer experience and brand, Imperva warned, but they can also lead to poor website performance and even downtime, ultimately resulting in lost revenue.

There are various perpetrators of bad bots within the e-commerce sector, each with their own goals and attack methods, the research continued. These include competitors seeking to scrape pricing and market intelligence data to be more competitive, resellers looking to steal product information, criminals attempting to commit fraud and abuse credit card data through account takeover, and investment companies gathering “alternative data” for investment purposes.

What’s more, bad bots are using highly popular browsers to mask their identities, Imperva noted. These include Chrome (66% of bad bots), Firefox (13.6%) and Safari (6.8%). In terms of countries of origin, the research discovered that e-commerce bot traffic is mainly coming from the US (63.6%), Germany (10.1%) and France (6.2%).

“This study shows that bad bots cause round-the-clock damage on e-commerce websites, APIs and mobile apps,” said Tiffany Olson Kleemann, VP of bot management at Imperva and former CEO of Distil.

“We agree with the approach taken in proposed legislation to ban the use of ‘Grinch bots’ and ‘sneaker bots,’ which are used to scalp limited edition, high-demand inventory, yet we know from first-hand experience that legal action alone is not enough. Online retailers must also practice good web security hygiene and take advantage of the technology solutions at their disposal to protect their websites and customers. Gaining a granular understanding of bot threats is a critical first step in the right direction.”
