Christmas Shopping Sites Flooded With Millions Of Bad Bots

By ISBuzz Team
Writer, Information Security Buzz | Dec 03, 2020 06:20 am PST

Cybercriminals are using millions of ‘bad bot personas’ from thousands of distinct IP addresses to run distributed denial of service (DDoS) attacks, make fraudulent purchases, and scan for vulnerabilities that can be exploited on hundreds of e-Commerce sites during the Christmas season. This information has been revealed by Barracuda Networks, the email and cloud security company, in their most recent Threat Spotlight analyzing the threat facing shoppers and vendors this holiday season.

The holiday shopping season, which will be almost entirely online this year due to the UK’s tier-system lockdown, creates an attractive target for cybercriminals. In mid-November, Barracuda researchers ran Barracuda Advanced Bot Protection in front of a test web application and observed that it had been targeted by over 90 million bad bot personas from over 340,000 distinct IP addresses in just a few weeks.

Bad bot personas are bots that have been identified as malicious based on their pattern of behaviour. The data gathered by Barracuda researchers shows a whopping 72 per cent of bad bot traffic belonged to unspecified malicious users, 5 per cent belonged to HeadlessChrome personas, and there was an increase in yerbasoftware and M12bot personas.

Interestingly, Barracuda researchers observed that, in the UK, bot activity peaks mid-morning and doesn’t fall off until closer to 5 pm, which suggests that the cybercriminals (aka ‘bot herders’) follow a regular working day.

1 Expert Comment
Brett Wolmarans, Director of Application Security Engineering
December 3, 2020 3:00 pm

The holiday shopping season this year will be like no other, and e-Commerce teams must ensure they carry out the necessary precautions to safeguard their applications against bad bots.

This includes installing a web application firewall, or ‘WAF-as-a-Service solution’, and making sure it is properly configured. Teams must also ensure application security solutions include anti-bot protection so they can effectively detect advanced automated attacks, and ‘credential stuffing protection’ should be enabled to prevent account takeover.
