Tuesday, 19 May 2020 18:39

Here are the four verticals most targeted by bad bots

Pavan Thatha, Radware Pavan Thatha, Radware

GUEST OPINION by Pavan Thatha, Radware: The data sought by cybercriminals vary from one vertical to another, whether banking credentials, medical records, pricing information or confidential research, to name just a few.

In some cases, cybercriminals write and deploy very sophisticated bots to overcome security measures and take over user accounts, disrupt service availability and exploit vulnerabilities in applications and APIs. In other cases, businesses directly target their competitors, commonly deploying bad bots to scrape the content and aggregate data such as product names and pricing.


The e-commerce industry grew 15% in 2019. The vertical industry reports an increase in bad bot attacks on its web applications, mobile apps and APIs.

Bad bot attacks are common across all applications, from payment fraud on checkout pages to content scraping (prices or product info) on product pages, coupon scraping, inventory holdups and cart abandonment, as well as various forms of account takeover, including brute force and credential stuffing on the homepage or user login page.

Since every disruption affects revenue, most e-commerce companies invest heavily in protecting their applications. So we see an extremely high amount (58%) of distributed, mutating bots within the total bad bot activity for this vertical. Hackers use sophisticated bots to evade bot management technologies that rely on data and behavioural profiling that are not big enough to produce correlations between different violations.

Data about bad bot attacks on e-commerce sites reveal a mix of sophistication levels. Some attacks such as scraping can be performed by simple scripts or headless browser bots. Denial of inventory and account takeover attacks require advanced capabilities to impersonate a real human user.

Media & publishing

Media and publishing outlets use many good bots for advertising and affiliate programs. Their main challenges are to filter out dirty bot traffic as well as to correct marketing analytic tools.

In this vertical, it is common for competitors and ad platforms to scrape data and content or attempt to skew the analytics of the media campaigns causing further harm by leading the targeted publisher to make thwarted decisions that are based on false data.

Online marketplaces & classifieds

Marketplaces and classifieds rely on the credibility and trust of consumers to grow their businesses. As they attract more traffic, these companies benefit from performing as hubs for advertisements.

Their objective is to keep ads secure from scraping — especially from competitors — which may also run scripts to collect users’ sign-up information. This effort is why we see more bad bot traffic against the homepage.

Travel & hospitality

Travel and hospitality organisations such as airlines, transportation and hotel chains rely heavily on online purchases. Cybercriminals target their sites with attacks that mainly use human-like and distributed mutating bots to bypass security tools.

Nearly two-thirds of ad bots accessing their web properties are considered sophisticated bots.

The most common bot attack type identified is denial of inventory. Twenty-nine percent of the traffic to booking sections is generated by bad bots. These bots can hold inventory for as long as the bot herder chooses making it unavailable to real users, thus causing an immediate financial impact on the victim.

Empty hotel rooms are locked up and airline seats go unsold. The bots run in a loop and hold the rooms or tickets after timeouts are generated and the inventory is supposed to go back to the pool. The loss is even greater as the airline must pay a small amount to a Global Distribution System (GDS) per every request. Another common issue is bot activity that takes advantage of loyalty programs rewards.

pic 1 1

pic 2 1

pic 3 1

pic 4 1

pic 5

pic 6

pic 7

Read 2258 times

Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.


WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.



Related items

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News