Malicious scalper bots hoarded COVID-19 PPE in 2020 to profit from the pandemic, and could disrupt crucial vaccine supply chains this year, according to Imperva.
The security vendor’s 2021 Imperva Bad Bot Report claimed to have recorded the highest percentage of malicious bot traffic (26%) since the inception of the report in 2014. Over 40% of all web traffic requests originated from a bot last year.
The majority (57%) of “bad bot” traffic observed by Imperva last year was down to so-called “advanced persistent bots,” which it said are harder to detect as they closely imitate human behavior. These were involved in a range of malicious activities, including price scraping, content scraping, account creation and takeover, fraud, denial of service and denial of inventory.
Scalper bots leaped into action at the end of the year to buy up large volumes of new gaming consoles, driving up market demand, before selling them for a profit. Imperva claimed that bad bot traffic to retail websites globally rose 788% between September and October 2020.
They were also out in force buying up in-demand COVID-related products such as face masks, sanitizers and detergents, as well as other items made popular by the pandemic such as home workout gear.
Imperva warned that automated scripts could yet disrupt vaccine rollouts. It has recorded a 372% increase in bad bot traffic to healthcare websites since September 2020 and claimed that, as vaccines became widely available, rates spiked to 12,000 requests per hour.
Such traffic volumes could overwhelm the websites of healthcare organizations, pharmacies and retailers involved in the rollout, making it harder for legitimate customers to access appointment scheduling services, it said.
“As we’ve monitored over the past eight years, bad bots continue to ravage the internet, while attack characteristics are becoming more advanced and nuanced over time,” said Edward Roberts, director of strategy, application security, at Imperva.
“Throughout the past year and during a global pandemic, they have thrived by targeting new markets and the impacts are now felt by everyday consumers. Organizations must take proactive action to secure their websites, applications and APIs from these threats as bots are increasingly involved in fraudulent activity that can be a source of reputational and financial damage.”