Cyber Five 2021: Kasada’s Bad Bot eCommerce Holiday Insights



Headaches for the holidays … thanks to the Grinch Bots

Kasada’s Threat Intelligence team has compiled the key insights observed across Kasada’s e-commerce traffic this holiday season.

Unsurprisingly, bots are back on the villain list this holiday season. We have seen a 10-fold increase in malicious login attempts in the period between Black Friday and Cyber Monday, a sharp increase in gift card fraud driven by the higher demand for gift cards this year (a consequence of the supply chain shortage), and we have discovered a new breed of Grinch Bot being used to snap up merchandise during holiday sales with more success than ever before. Read on for a full picture of the impact bad bots have on holiday shopping.

Holiday shopping stretches the season – and so do bots

There have been numerous articles summarizing overall shopper traffic levels during Cyber Week. For example, according to Fastly, Black Friday was the busiest shopping day, with peaks 40% higher than Thanksgiving and 5% higher than Cyber Monday. Traffic increased 27% before the holiday weekend compared to the start of the month. eMarketer concluded that the holiday season is stretching and flattening, with 19 days this holiday season where e-commerce sales topped $3 billion, up from just five such days a year ago.

Similar to these other reports, Kasada also saw the “expansion” of holiday shopping: average daily e-commerce traffic during the Cyber Five period (Thanksgiving to Cyber Monday) did not vary as much as in previous years. For example, average daily traffic on Black Friday was only 21% higher than on the day before, Thanksgiving. In addition, unlike in previous years, increased malicious bot activity was observed as early as October, possibly due to expected supply chain delays and the overall increase in online shopping over the past 18 months.

The Kasada Threat Intelligence team gathered the main online shopping trends related to malicious bot activity as seen across our e-commerce customers, put into context by these global online shopping trends. Kasada currently protects over $20 billion in e-commerce traffic per year, $10 billion in gift cards, and hundreds of millions of account logins.

Cyber Week is a Western trend, even among bots

Between Black Friday and Cyber Monday, we saw the majority of bad bots come from the United States, followed closely by Australia and the United Kingdom. China is particularly interesting this year because it is usually near the top of all the bot activity we see – and it wasn’t during that period. This suggests that post-Thanksgiving holiday sales are more of a Western trend, even among bots.

Bad bot e-commerce traffic by country (US Eastern Time)

Kasada continues to observe bot operators using residential proxy networks to hide their bots inside seemingly legitimate traffic. In the United States in particular, bot operators attempt to purchase IP addresses that look like a retailer’s historical customer traffic, making it especially difficult for e-commerce providers to distinguish good traffic from bad.

Online fraud

4x more automated gift card cracking attempts

Similar to the growth in human traffic before the Cyber Five period, Kasada saw an increase in online gift card fraud attempts as the holiday season approached. We attribute this to the current “everything shortage” resulting from problems in the global supply chain. This shortage of merchandise prompted bot operators to snap up whatever in-demand items remained in stock and resell them on secondary markets at significant mark-ups, pushing consumers to turn their attention to gift cards. Gift cards are being bought at a higher rate than ever before, as they act as a stopgap for consumers who encounter empty shelves.

Recent research from the Kasada cybersecurity research team found that automated gift card balance checks have quadrupled in the last two months. This is a key indicator that fraudsters are using bots to identify and steal gift card balances. Additionally, Kasada has seen an increase in the number of stolen gift cards being sold at a discount on the open Internet. In previous years, this type of activity was generally carried out behind closed doors or on the dark web.

10x more malicious login attempts

The Kasada Threat Intelligence team identified a 10-fold increase in malicious login attempts from credential stuffing during the period between Black Friday and Cyber Monday, compared to the previous weeks of November.

Bad bot logins on e-commerce sites by country (US Eastern Time)

These automated login attempts are most likely carried out to take over and sell accounts, which are then used for cashing out stored credit cards, draining loyalty and reward points, and other forms of fraud. This year, we saw the majority of credential stuffing happen on Black Friday and into the early hours of Saturday morning.
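Both the gift card balance checks and the credential stuffing described above share one shape in web logs: a single source submitting many different identifiers and mostly failing. The detector below is an added example of that heuristic, not Kasada’s detection logic; the log format, the sample lines and the thresholds are all constructed for illustration.

```python
"""Flag credential stuffing and gift-card balance enumeration in web logs.
Added example, not Kasada's logic; log format, samples and thresholds are assumed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, "<time> <client-ip> <endpoint> <identifier> <status>":
# 198.51.100.7 rotates usernames on /login, 203.0.113.9 walks card numbers on
# /giftcard/balance, and 192.0.2.5 is a human retrying their own credentials.
SAMPLE_LOG = """\
2021-11-26T00:00:01Z 198.51.100.7 /login alice 401
2021-11-26T00:00:02Z 198.51.100.7 /login bob 401
2021-11-26T00:00:03Z 198.51.100.7 /login carol 401
2021-11-26T00:00:04Z 198.51.100.7 /login dave 200
2021-11-26T00:00:05Z 198.51.100.7 /login erin 401
2021-11-26T00:01:00Z 203.0.113.9 /giftcard/balance 6006000000001 404
2021-11-26T00:01:01Z 203.0.113.9 /giftcard/balance 6006000000002 404
2021-11-26T00:01:02Z 203.0.113.9 /giftcard/balance 6006000000003 200
2021-11-26T00:01:03Z 203.0.113.9 /giftcard/balance 6006000000004 404
2021-11-26T00:01:04Z 203.0.113.9 /giftcard/balance 6006000000005 404
2021-11-26T00:05:00Z 192.0.2.5 /login grace 401
2021-11-26T00:05:20Z 192.0.2.5 /login grace 200
2021-11-26T00:07:00Z 192.0.2.5 /giftcard/balance 6006000000099 200
"""

def parse_log(text):
    # Parse the constructed log format into dicts with a datetime timestamp.
    records = []
    for ts, ip, endpoint, ident, status in (ln.split() for ln in text.splitlines()):
        records.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "ip": ip,
                        "endpoint": endpoint, "ident": ident, "status": int(status)})
    return records

def find_enumeration(records, window=timedelta(minutes=5), min_distinct=5, min_fail=0.6):
    """Return {(ip, endpoint): (distinct_identifiers, fail_ratio)} for sources that,
    inside one sliding window, submitted many *different* identifiers and mostly
    failed. A human retrying their own password or card stays at 1 identifier."""
    by_source = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        by_source[(r["ip"], r["endpoint"])].append(r)
    flagged = {}
    for source, recs in by_source.items():
        start = 0
        for end, r in enumerate(recs):
            while r["ts"] - recs[start]["ts"] > window:   # slide the window forward
                start += 1
            span = recs[start:end + 1]
            distinct = len({x["ident"] for x in span})
            fail_ratio = sum(x["status"] != 200 for x in span) / len(span)
            if distinct >= min_distinct and fail_ratio >= min_fail:
                flagged[source] = (distinct, round(fail_ratio, 2))
    return flagged
```

In production the same logic would key on more than the client IP, since the residential proxies mentioned above spread one operator across many addresses; keying on session, device fingerprint or ASN is the usual next step.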

Drop sales

AIO bots make a more efficient and effective Grinch Bot

Hype sales entice customers to buy products at a specific date and time. They are designed to increase demand for whatever is sold – concert tickets, sneakers, PS5s, and more. They also provide a great opportunity for bot operators, who exploit these events to buy up limited inventory faster than any human could.

As in previous years, some of the most sophisticated bot activity occurs during the coveted hype drops, where high-demand, limited-edition products are released. Kasada has seen increased use of all-in-one (AIO) bots, such as Stellar AIO, which automate the monitoring and checkout process for hot items such as electronics.

Request bot traffic during an e-commerce hype sale

Electronics restock drop: The image above shows that over the course of several minutes, requests from bad bots exceeded those from humans by more than 13 times. The vast majority of bad bot requests were made by a variant of Grinch Bot that we call “request bots”. Request bots operate through an API and successfully bypassed the legacy anti-bot provider deployed at the edge, in front of Kasada’s defense. Had Kasada not been deployed as an additional layer of defense, more than 90% of these requests would have reached the customer’s infrastructure to find inventory, add to cart and automate checkout.

These new request bots quickly became the de facto method used for high-value hype sales. The share of overall traffic made up by request bots in the sale shown above rose from 0% just before the sale started to 99% of all traffic for the duration of the sale itself. Once the inventory was gone, the request bots essentially disappeared again until the next drop.

Kasada’s threat research analyzed the makeup of these request bots and determined that their use in hype sales is particularly effective due to (a) their light computational requirements, which make them cheap and scalable, and (b) their use of fraudulently generated or stolen telemetry data to bypass a multitude of anti-bot vendors.

Overall, the two bot trends that grew significantly in 2021 for retailers running hype sales are:

  1. Request bots – non-browser-based scripts that generate and maintain valid human tokens by replaying expected human telemetry to an anti-bot provider
  2. Headless browsers – heavily customized versions of major automation frameworks, such as Puppeteer Stealth and Playwright – including CAPTCHA bypass
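The request-bot technique described in this section and in the analysis above works because a captured telemetry submission can be replayed to mint another “human” token. One server-side control against that replay is to issue a single-use challenge nonce per session and bind the resulting token to that session with an expiry. The code below is an added illustration of that idea, not any vendor’s design; the token layout, key handling and clock are assumptions.

```python
"""Single-use, session-bound telemetry tokens: a replayed telemetry submission
cannot mint a fresh token. Added example; token layout, key and clock are assumed."""
import hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)   # assumed server-side secret
TOKEN_TTL = 300                         # seconds a token stays valid (assumed)

class TelemetryVerifier:
    """Server side. One challenge nonce is issued per session, can be redeemed
    once, and the token it produces is tied to that session and expires."""
    def __init__(self, key=SERVER_KEY, now=time.time):
        self.key, self.now = key, now
        self.pending = {}      # session_id -> nonce awaiting telemetry
        self.consumed = set()  # nonces already redeemed

    def challenge(self, session_id):
        nonce = secrets.token_hex(16)
        self.pending[session_id] = nonce
        return nonce

    def redeem(self, session_id, nonce, telemetry):
        """Exchange telemetry for a token; reject mismatched or reused nonces."""
        if self.pending.get(session_id) != nonce or nonce in self.consumed:
            return None
        self.consumed.add(nonce)
        del self.pending[session_id]
        expires = int(self.now()) + TOKEN_TTL
        # Digest of the submitted telemetry ties the token to what was sent.
        digest = hashlib.sha256(json.dumps(telemetry, sort_keys=True).encode()).hexdigest()
        payload = f"{session_id}.{expires}.{digest}"
        mac = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}.{mac}"

    def verify(self, session_id, token):
        """Accept only unexpired tokens minted for this exact session."""
        try:
            sid, expires, digest, mac = token.split(".")
        except ValueError:
            return False
        payload = f"{sid}.{expires}.{digest}"
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return (hmac.compare_digest(expected, mac)
                and sid == session_id and int(expires) > self.now())
```

This blocks replay of a captured submission across sessions or after the nonce is spent; it does not by itself stop a script that performs the whole challenge flow itself, which is why behavioural detection still matters.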

Summary

It was especially difficult to stay ahead of the bots during this year’s Cyber Five and the months leading up to it. Bots have been used not only to automate the purchase of in-demand goods, but also to commit online fraud: cracking gift card codes and taking over customer accounts with stolen or purchased credentials. Malicious automation continues to evolve with highly sophisticated custom open source tools, residential proxy networks, and request bots. By using APIs to replay the expected human telemetry, bots can trick most legacy anti-bot systems, which remain vulnerable to such methods.

How did you fare during Black Friday and Cyber Monday?

If the past year and a half has taught us anything, it’s that you’re ready until you’re not. Retailers have stepped up their online activities in anticipation of peak shopping season, but for many it still wasn’t enough. We have seen many customers realize the ineffectiveness of their previous anti-bot solution only after seeing the spike in traffic over the holiday season.

Bot operators have figured out how to get around defenses that cannot keep up with modern bot trends. This correlates with the findings of our 2021 State of Bot Mitigation Survey, in which 85% of respondents using bot management solutions said their solution lost effectiveness within 12 months of deployment.

If you’re not sure if bad bots are a problem for your business, you can quickly test your site here to see which bot threats you are failing to detect and stop.

We would be happy to show you more of our threat intelligence and modern approach to bot mitigation as we protect $20 billion in e-commerce revenue from some of the most sophisticated bots – possibly the same ones hitting your digital channels.

Special thanks to James Schubach and Nick Rieniets for their in-depth analysis of this year’s holiday shopping activity.

*** This is a syndicated Security Bloggers Network blog from Kasada, written by Neil Cohen. Read the original post at: https://www.kasada.io/2021-bad-bot-ecommerce-holiday-insights/
