Automated cyber attacks on e-commerce companies “growing more sophisticated”

Imperva, the cyber security specialist, has released the first industry-specific study into the impact of bad bots on the e-commerce industry. Developed by the Imperva Bot Management threat research team (formerly the Distil Research Lab), a group of dedicated analysts who examine the most sophisticated automated threats, the in-depth report – entitled ‘How Bots Affect e-Commerce’ – analysed no fewer than 16.4 billion requests from 231 domains during July. It finds that the sophistication level of bots attacking e-commerce sites is on the rise, with nearly four-fifths (79.2%) classified as moderate or sophisticated, which is up from 75.8% in 2018.

E-commerce companies suffer from a continual barrage of bad bots that criminals, competitors, resellers and investment companies use to carry out unauthorised ‘price scraping’, inventory checking, denial of inventory, ‘scalping’, customer account takeover, gift card abuse, spam comments, transaction fraud and more. These nefarious activities not only damage the customer experience and brand, but can also lead to poor website performance and even downtime, ultimately resulting in lost revenue during peak traffic times like Black Friday and Cyber Monday.

“This study shows that bad bots cause round-the-clock damage on e-commerce websites, APIs and mobile apps,” said Tiffany Olson Kleemann, vice-president of bot management at Imperva and former CEO of Distil. “We agree with the approach taken in proposed legislation to ban the use of ‘Grinch bots’ and ‘sneaker bots,’ which are used to ‘scalp’ limited edition, high-demand inventory, yet we know from first-hand experience that legal action alone isn’t enough. Online retailers must also practice good web security hygiene and take advantage of the technology solutions at their disposal to protect their websites and customers. Gaining a granular understanding of bot threats is a critical first step in the right direction.”

Key findings of the report

* Bad bots, good bots and humans: E-commerce traffic consists of 17.7% bad bots, 13.1% good bots and 69.2% humans

* Sophistication level: Bad bots on e-commerce sites are becoming more advanced and difficult to detect. As stated, nearly four-fifths (79.2%) are classified as moderate or sophisticated, while those classified as simple decreased from 24.2% to 20.8%. The rise in sophistication is due to the ‘arms race’ in play between bot operators and bot mitigation technology

* Variety of attacks: The variety of bot attacks is more diverse in e-commerce than in many other industries. These attacks include unauthorised price and content scraping, denial of inventory, ‘scalping’ by resellers, customer account takeover, credit card fraud and gift card fraud

* Country of origin: The Top Five countries from which e-commerce bad bots originate are the US (63.6%), Germany (10.1%), France (6.2%), Canada (5.5%) and China (4.9%). Each country contributes a higher proportion of bad bot traffic on e-commerce sites compared to other industries

* Browser impersonation: The Top Five browsers that e-commerce bad bots use to mask their identities are Chrome (66%), Firefox (13.6%), Safari (6.8%), SEMRush (4.9%) and Android Webkit (2.2%), illustrating that the majority of e-commerce bots are attempting to hide in plain sight by impersonating the most popular browsers

To download the full report visit:

Imperva is hosting a webinar on Tuesday 1 October at 10.00 am to discuss the findings of the report. To register access:

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
