There has been a meteoric rise in bot traffic in the final few months of 2020, according to data from cyber-security firm, Imperva. Conducting an analysis into bot behaviour over the past year—which it says now accounts for more than a quarter of all web requests—the firm claims the major launch period leading up to the holidays saw a gargantuan increase in bot traffic headed to retail websites, namely to snap up stock.
The firm reports an increase in bot activity to retail sites of 788 percent between September and October 2020 alone.
As the report states, the date of the sudden increase in bot activity coincides with the release of both the PlayStation 5 (opens in new tab) and Xbox Series X (opens in new tab). That's no coincidence, I'm sure. Further to that PC gamers will think to the release of Nvidia's RTX 30-series and AMD's RX 6000-series graphics cards during that same period, which have been subject to serious bot battering and shortages ever since.
If you think that's one too many terrifying stats for one day, then boy should you stay well away from the complete Imperva Bad Bot Report 2021 (opens in new tab). It's filled with terrifying statistics on dodgy web surfers that'll make any would-be PC hardware consumer in fits of rage.
"As we’ve monitored over the past eight years, bad bots continue to ravage the internet, while attack characteristics are becoming more advanced and nuanced over time,” Edward Roberts, Imperva's director of strategy, application security, says. “Throughout the past year and during a global pandemic, bad bots have thrived by targeting new markets and the impacts are now felt by everyday consumers."
Retailers I've spoken with have also relayed a similar message; of an ever-changing bot strategy that requires constant shifting of defences to keep up with and prevent bots from being effective.
Imperva calls those bots specifically targeting high-value items at Christmas 'Grinch Bots', which is a term I'm inclined to use often from here on out.
The data presented in the report is pulled from Imperva's own network of cyber security products—its stake in the business of bot protection is absolutely something to keep in mind when reading the report—and includes "billions of bad bot requests anonymized over thousands of domains".
Imperva states that its data set reports solely application layer bad bot activity. That's a key distinction, the report explains, as it rules out bot activity typically found as part of a DDoS attack.
Said activity is far more widespread than retailers and Grinch Bots, of course. Healthcare websites, mobile browsers, government websites, and news sites all remain popular destinations for digital ne'er do wells. Phishing, fraud, scraping, theft, and account hacking are all listed as relatively common uses for bots online.
Most often sites in the United States are subject to bad bot traffic, the report suggests, with China and the United Kingdom coming in at second and third, respectively. These bots are said to most often originate from within the same country they target, which puts the US way out front in terms of being a bot source, too.
But don't fret, there are also 'good bots' fighting the good fight for useful information and automation. Those which only occasionally totally screw over web analytics and slow down servers for legitimate human users.
The scale of bot use has remained something of a nebulous concept when it comes to reselling practices for PC components—we all knew it was happening, but the extent to which is not easily measured—until now. While the actual numbers from across the web may differ somewhat from those collected by Imperva's systems, even as a snapshot of the possible scale of bad bot activity, these figures offer a glimpse of what we're having to contend with just to pick up the latest silicon today.