Black Friday warning as ‘grinch bots’ target retailers

Advanced bots, which mimic human shoppers to snap up bargains for resale at higher prices, make up more than half of automated retail traffic for the first time ever, a cybersecurity analyst says.

Imperva issued the warning ahead of the Black Friday sales day on November 24th, which is timed to roughly coincide with the Thanksgiving holiday in the US.

Imperva said that it had seen “bad bot traffic on retail sites [...] associated with advanced bots” topping 50% of the total for the first time ever.

“This breed of sophisticated bot can evade basic defenses and carry out dangerous, disruptive attacks,” it added, describing the upgraded machines as more difficult to detect and therefore prevent.

“Grinch bots – a breed of sophisticated scalping bots – often disrupt holiday sale events and product drops,” said Imperva. “They query online inventories and purchase the most sought-after items of the season, for the purpose of reselling them at a significant markup.”

“In comparison to prior years, the sophistication of bots is hard to overlook,” it added, citing figures for last year and 2021 that found only 31.1% and 23.4% of bots to be “advanced.”

Imperva claims there are “indicators” to suggest that attacks against online retailers will rise during the 2023 holiday shopping season, with bad bot attacks on retail sites rising by 14% since July.

Britain braces for trouble

Most of these attacks have been focused on “US-based e-commerce sites” but the retail sector in the UK – where the Black Friday shopping fiesta has steadily grown in popularity – is also bracing itself for trouble, with the proportion of automated attacks there recorded as eight percentage points higher than the global average of 22%.

“UK retailers are set to face a surge in cyber threats this winter,” said Imperva. “In the world of online shopping, web apps and APIs drive e-commerce operations, allowing users to browse, add items to carts, and make purchases – meaning attacks can result in mass data loss, private information theft, and service disruptions.”

It added: “For vulnerable retailers, this has the potential to impact their bottom line and undermine end-of-year sales.”

“The rise of automated attacks is likely to continue through Black Friday and Cyber Monday,” said Imperva. “Grinch bots could again be involved in the disruption of holiday sales events and limited product launches.”

It adds that, since the beginning of September, distributed denial of service (DDoS) attacks against retailers have also begun to rise again, “underscoring the annual trend of cybercriminals increasing attacks at the beginning of the holiday shopping season.”

“These attacks often come from vast networks of automated bots or compromised devices, known as botnets,” it said, referring to when cybercriminals marshal a ‘zombie’ army of hijacked computers to overwhelm target systems.
