Meet Us at AWS re:Invent 2019 | Book a Meeting Now

E-commerce Portals Are Attacked With Distributed Multi-stage Scraping Attacks: ShieldSquare Research

September 21, 2018 | All Automated Threats Bot Prevention Technologies ShieldSquare Research

e-book

The hyper-competitive e-commerce industry is known for devising ingenious ways to win business wars. One of such techniques is scraping of product categories, details, and pricing information. To dig deeper into it, our research team conducted a study on a popular e-commerce portal. Download the ebook


The study revealed some insightful yet surprising results. Let’s take a brief look at it:

  • Scrapers plan attacks in various stages to exploit the vulnerabilities of existing systems such as WAFs, Intrusion Detection Systems/Intrusion Prevention Systems (IPS/IDS), and other in-house measures that lack the historical look-back, deep learning capabilities, and the ability to sniff automated behavior in syntactically-correct HTTP requests.
  • Attackers use an exploit kit that comprises a combination of tools (such as proxy IPs, multiple UAs, programmatic/sequential requests) to evade detection and perform large-scale and sophisticated scraping attacks. Websites are then hit by bots from tens of thousands of new IPs that are used once, and never again. For instance, in the case that we examined, attackers scraped product information and pricing details of 651,999 products from 11,795 categories using a combination of exploit tools and fake user accounts.
  • The ebook underlines that organized and sophisticated scraping attacks are fueled by the growing demand for data, pricing information, and market intelligence as many e-commerce firms either employ an in-house team or leverage the expertise of professional web scrapers to pull ahead of competitors.


The ebook also recommends an action plan for E-commerce players to combat scraping attacks.To download a copy of the ebook,
click here


Tags: , , ,

Subscribe to ShieldSquare Research and Blog
Thank you for subscribing
Thanks. Sent confirmation email.

Related Content

October 18, 2019
The Impact Of Web Scraping
August 3, 2018
Is On-site Search The Shortest Path For Scraper Bots?
Drupal ShieldSquare
April 10, 2017
Protect your Drupal-Powered website from bot threats in real-time

Step Up and Take Action

Powered by Think201