ShieldSquare is now Radware Bot Manager

ShieldSquare is now Radware Bot Manager

Nearly Two-Third of Traffic Was Bad Bots on Login Pages of E-commerce Firms this Holiday Season

January 8, 2020 | All Automated Threats Bot Prevention Technologies Radware Research

How-E-Commerce-Sites-Can-Prevent-Cart-Abandonment
The E-commerce industry is growing fast. In a matter of seconds, lucrative shopping deals are being availed, and transactions are done. If an organization’s IT infrastructure is not up to the task of protecting applications that enable easy shopping, sophisticated automated attacks can happen in the blink of an eye.

The sophistication level of bad bots is increasing across the industries. Their ability to mimic human behavior and be distributed over thousands of IPs is a major cause of concern to e-commerce firms and their applications. For example, 56% of bad bots on e-commerce firms were of fourth-generation during Q1 – Q3, 2019. The fourth-generation bad bots are not only capable of mimicking human behavior, but they can also be distributed over thousands of IPs and can be daisy-chained to perform sophisticated automated attacks.


To better understand the threats that e-commerce firms are facing bad bots, Radware commissioned research to study the traffic of e-commerce firms monitored by it from across the globe. The goal of this research was to understand the different types of attacks that e-commerce firms are facing and bad bots’ behavior during big shopping days, such as Black Friday and Cyber Monday. The article answers the following questions in detail:

  • How bad bots targeted e-commerce firms during Black Friday and Cyber Monday
  • What are the most targeted industries by bad bots
  • What types of bots target e-commerce businesses
  • What are four major threats to e-commerce firms from bad bots

Black Friday and Cyber Monday 2019

  • On Black Friday, 38.6% of traffic was bad bots on e-commerce firms.
  • On Cyber Monday, 42.5% of traffic was bad bots on e-commerce firms.
  • These bots were observed performing account takeover, denial of inventory, and content scraping attacks, among others.

Figure 1: Traffic Distribution During Black Friday and Cyber Monday 2019


Account Takeover Attacks

  • Nearly two-thirds of the traffic on the login pages were bots during Black Friday and Cyber Monday. These bots were observed performing account takeover attacks during the shopping days.
  • Only one-third of the traffic was human on e-commerce sites during Black Friday and Cyber Monday this year
  • Most of these bots were AuthBots and were distributed over thousands of IPs.

Figure 2: Black Friday and Cyber Monday 2019 – Account Takeover Attacks


Denial of Inventory Attacks

  • Nearly 90% of the traffic on cart pages of e-commerce sites during Cyber Monday was bots on a significant number of e-commerce sites monitored by us.
  • On Black Friday, nearly two-thirds of the traffic was bots.
  • This was the reason behind the higher cart abandonment rate on this year’s Black Friday and Cyber Monday.

Figure 3: Black Friday and Cyber Monday 2019 – Denial of Inventory Attacks


Content Scraping Attacks

  • 40.1% of the traffic of category pages and 45.3% of the traffic on product pages was bots during Black Friday.
  • 41.8% of the traffic of category pages and 40.2% of the traffic on product pages was bots during Cyber Monday 2019.
  • These bad bots attempted to perform scraping of product listing and details from category and product pages of e-commerce firms.

Figure 4: Black Friday and Cyber Monday 2019 – Content Scraping Attacks


Most Targeted Industries by Bad Bots

  • With 26.4% of the traffic as bad bots, the e-commerce industry was the most targeted in the first three quarters of 2019, followed by real estate, online marketplaces and classifieds, and digital publishers.

Figure 5: Most Targeted Industries by Bad Bots


Types of Bots on E-commerce Businesses

  • 56% of bots on e-commerce firms were of the fourth generation.
  • Fourth-generation bots can be distributed over thousands of IPs based in different geographical locations and can masquerade as human users.
  • Detecting fourth-generation bad bots requires advanced technologies including intent analysis so that you can analyze a visitors intent and don’t end up blocking genuine users.

Figure 6: Types of Bots on E-commerce Businesses


Top Four Attacks on E-commerce Firms from Bad Bots

  • Account takeover, denial of inventory, content scraping, and carding are top four attacks on e-commerce firms
  • Login pages are the most targeted pages of e-commerce firms to take over user accounts or create fake accounts.
  • Cart abandonment by bots is another threat that e-commerce businesses are facing from bots.

Figure 7: Four Major Threats to E-commerce Firms from Bots


Conclusion

All large e-commerce platforms have sophisticated bot activity on their website, mobile apps, and APIs that can expose them to account takeover, scraping, denial of inventory, and loss of Gross Merchandise Value (GMV). E-tailers must be diligent in their approach to deal with sophisticated bad bots as attacks such as one on Black Friday and Cyber Monday can happen during the Christmas holidays as well.

Learn more about AuthBots in the E-commerce Industry Automated Threat Landscape report, download now

Note: A version of this article first appeared in Mobile Marketing Magazine.


Tags: , , , , ,

Subscribe to Radware Research and Blog
Thank you for subscribing
Thanks. Sent confirmation email.

Related Content

April 16, 2019
Reducing Bad Bot Traffic Improves Overall Search Engine Ranking on E-commerce Firms, Suggests ShieldSquare Research
February 11, 2019
Inside Good Bots: Why Management of Benign Traffic is Crucial
October 23, 2018
Marketers, Don’t Buy Traffic If You Can’t Accurately Evaluate Its Quality

Step Up and Take Action

Powered by Think201