Jingle Bells Jingle Bells Sings the Bots
A new data has been released on the latest fraud and malicious automation trends, revealing increased threats during the holidays; rising attacks by bots; and the discovery of a new amped up All in One (AIO) Grinch Bot that is being used extensively during hype drop sales.
Malicious automation trends
- 4x increase in automated online gift card lookup attempts
- 10x increase in malicious login attempts due to credential stuffing
- Discovery of a new type of sophisticated all-in-one bot used prominently during hype drop sales that is more efficient and effective than its predecessors
- Majority of Black Friday bad bots come from the USA, followed by Australia and the UK
The level of sophistication that witnessed within the bot community is at an all-time high as they continue to collaborate and improve upon their methods to conduct online fraud and generate profits through the use of malicious automation.
Gift card fraud
Gift cards have been purchased at a higher rate than ever before, serving as a stopgap for consumers who encountered empty shelves. It is predicted that gift cards will make up 40% of total gift purchases this season, making them an ideal target for fraudsters.
Automated gift card balance lookups quadruple over the past two months. This is a key indicator that fraudsters are using bots to identify and steal gift card balances. Typically, stolen cards are spent before they are actually received as gifts, meaning people may be unintentionally giving zero-balance gift cards to friends and loved ones this season.
Credential stuffing – Malicious Attempts
There has been a dramatic increase in account takeover attempts fueled by large-scale credential stuffing. This occurs where attackers use credentials from other breaches to takeover customer accounts to sell stolen account details, which are used for credit card washing, loyalty, gift card and reward points draining.
There was a 10x increase in malicious login attempts due to credential stuffing during the period between Black Friday and Cyber Monday, compared to the prior weeks in November.
AIO breeds new Grinch Bot
The most sophisticated botting activity occurs during coveted hype drops, where high-demand and limited-edition goods are released at a specific time and day. This year there was a heightened use of all-in-one bots (AIO) which automate the scanning and checkout process for hot items such as electronics.
Researchers discovered a new Grinch Bot overtaking the types previously used. This new bot, which replays stolen telemetry through an API, is especially economical, scalable, and effective, while allowing it to bypass legacy anti-bot detection methods.
This new bot has quickly become the de-facto method used for premium hype sales. The team observed in recent hype sales that this new Grinch Bot spikes from 0% to 99% of the total bot requests for the duration of the sale, and then once the inventory is gone, it disappears until the next drop.
U.S. leads in Black Friday attacks – but China took the holiday off
During the period between Black Friday and Cyber Monday, the majority of bad bots were coming from the USA, followed closely by Australia and the United Kingdom.
The attacks originating from China are typically near the top of any botting activity list, but during this time period China was 6th at only 2.3% of overall bad bot traffic. This suggests that post-Thanksgiving holiday sales are more of a western trend, even amongst botters.
Researchers continue to observe the use of residential proxy networks to hide bots within seemingly legitimate traffic. Within the United States, bot operators have purchased IP addresses that are specific to a retailer’s historical traffic, making it difficult for eCommerce providers to distinguish between good and bad traffic.