Top 3 business verticals most targeted by bad

Must Read

How to choose an effective DDoS mitigation plan

There are several flavours from which to choose when selecting an effective DDoS mitigation strategy. Most enterprises opt for one of the cloud protection flavours (always-on or on-demand)

How tech bolster security of online gaming platforms

The rise of and is evident throughout the world’s financial capitals with the UK, US, and a few other European nations at the forefront

Explained: The evolving nature of cybersecurity threats

Concerns such as hacking and the presence of computer viruses have existed for decades in one form or another. As technology evolved over the years, so did the   threats themselves.

The data sought by cybercriminals vary from one vertical to another, whether banking credentials, medical records, pricing information or confidential research, to name just a few.

In some cases, cybercriminals write and deploy very sophisticated to overcome security measures and take over user accounts, disrupt service availability and exploit vulnerabilities in applications and APIs. In other cases, businesses directly target their competitors, commonly deploying bad bots to scrape the content and aggregate data such as product names and pricing.


The e-commerce industry grew 15% in 2019. The vertical industry reports an increase in bad bot attacks on its web applications, mobile apps and APIs.

The e-commerce industry grew 15% in 2019. The vertical industry reports an increase in bad bot attacks on its web applications, mobile apps and APIs.
The e-commerce industry grew 15% in 2019. The vertical industry reports an increase in bad bot attacks on its web applications, mobile apps and APIs. (Photo: )

Bad bot attacks are common across all applications, from payment fraud on checkout pages to content scraping (prices or product info) on product pages, coupon scraping, inventory holdups and cart abandonment, as well as various forms of account takeover, including Brute Force and credential stuffing on the homepage or user login page.

Since every disruption affects revenue, most e-commerce companies invest heavily in protecting their applications. Therefore, we see an extremely high amount (58%) of distributed, mutating bots within the total bad bot activity for this vertical. Hackers use sophisticated bots to evade bot management technologies that rely on data and behavioral profiling that are not big enough to produce correlations between different violations.

Types of bad bots targeting the e-commerce industry

Data about bad bot attacks on e-commerce sites reveal a mix of sophistication levels. Some attacks such as scraping can be performed by simple scripts or headless browser bots. Denial of inventory and account takeover attacks require advanced capabilities to impersonate a real human user.

Levels of bad bot sophistication when committing attacks on e-commerce sites.

Media & Publishing

Media and publishing outlets use many good bots for advertising and affiliate programs. Their main challenges are to filter out dirty bot traffic as well as to correct marketing analytic tools. In this vertical, it is common for competitors and ad platforms to scrape data and content or attempt to skew the analytics of the media campaigns causing further harm by leading the targeted publisher to make thwarted decisions that are based on false data.

Online Marketplaces & Classifieds

Marketplaces and classifieds rely on the credibility and trust of consumers to grow their businesses. As they attract more traffic, these companies benefit from performing as hubs for advertisements. Their objective is to keep ads secure from scraping — especially from competitors — which may also run scripts to collect users’ sign-up information. This effort is why we see more bad bot traffic against the homepage.

Travel & Hospitality

Travel and hospitality organizations such as airlines, transportation and hotel chains rely heavily on online purchases. Cybercriminals target their sites with attacks that mainly use human-like and distributed mutating bots to bypass security tools. Nearly two-thirds of ad bots accessing their web properties are considered sophisticated bots.

Types of bad bots targeting the travel industry

The most common bot attack type identified is denial of inventory. Twenty-nine percent of the traffic to booking sections is generated by bad bots. These bots can hold inventory for as long as the bot herder chooses making it unavailable to real users, thus causing an immediate financial impact on the victim.

Empty hotel rooms are locked up, and airline seats go unsold. The bots run in a loop and hold the rooms or tickets after timeouts are generated and the inventory is supposed to go back to the pool. The loss is even greater as the airline must pay a small amount to a Global Distribution System (GDS) per every request. Another common issue is bot activity that takes advantage of loyalty programs rewards.

The author is Managing Director-India, SAARC & Middle East at Radware. Views are personal.

Subscribe to receive the day's headlines from Tech Observer straight in your inbox

Leave a Reply

*The moderation of comments is automated and not cleared manually by Embedding of any link and use of abusive or unparliamentary language are prohibited.
- Advertisement -

Latest in TECH

Sapience Analytics signs distribution agreement with Redington

Sapience Analytics and Redington said that they have entered into a distribution agreement where latter will resell the Sapience Vue solution through its network of over 30,000 channel partners, system integrators, and value-added resellers countrywide.
- Advertisement -SAP Hana

Related Articles