New Grinch Bot Research: 4x Increase in Online Gift Card Fraud Attempts, 10x Increase in Malicious Login Attempts, Majority of Bots from US
Kasada, provider of the most effective and easiest way to defend against advanced bot attacks, today released new data on the latest fraud and malicious automation trends, revealing increased threats during the holidays; rising attacks by bots; and the discovery of a new amped up All in One (AIO) Grinch Bot that is being used extensively during hype drop sales.
In its post today, the Kasada Threat Intelligence team shares trends and key insights based on its customers' eCommerce traffic this holiday season.
Key Highlights Include:
"As we approach 2022, the frequency and severity of bad bots continue to threaten online businesses," said Sam Crowther, CEO and founder, Kasada. "The level of sophistication we are witnessing within the botting community is at an all-time high as they continue to collaborate and improve upon their methods to conduct online fraud and generate profits through the use of malicious automation."
Gift Card Fraud - the Unintended Gift - Drove a 4x Increase in Fraud Attempts
Gift cards have been purchased at a higher rate than ever before, as they've served as a stopgap for consumers who encountered empty shelves. It is predicted that gift cards will make up 40% of total gift purchases this season, making theman ideal target for fraudsters. Kasada saw automated gift card balance lookups quadruple over the past two months. This is a key indicator that fraudsters are using bots to identify and steal gift card balances. Typically, stolen cards are spent before they are actually received as gifts, meaning people may be unintentionally giving zero-balance gift cards to friends and loved ones this season.
Credential Stuffing - 10x Increase in Malicious Login Attempts
Kasada has seen a dramatic increase in account takeover attempts fueled by large-scale credential stuffing. This occurs where attackers use credentials from other breaches to takeover customer accounts to sell stolen account details, which are used for credit card washing, loyalty, gift card and reward points draining. Kasada identified a 10x increase in malicious login attempts due to credential stuffing during the period between Black Friday and Cyber Monday, compared to the prior weeks in November.
AIO Breeds New Grinch Bot Variant
Similar to prior years, some of the most sophisticated botting activity occurs during coveted hype drops, where high-demand and limited-edition goods are released at a specific time and day. This year Kasada saw a heightened use of all-in-one bots (AIO) which automate the scanning and checkout process for hot items such as electronics.
In addition, Kasada researchers discovered a new Grinch Bot overtaking the types previously used. This new bot, which replays stolen telemetry through an API, is especially economical, scalable, and effective, while allowing it to bypass legacy anti-bot detection methods.
Kasada researchers have noticed that this new bot has quickly become the de-facto method used for premium hype sales. The team observed in recent hype sales that this new Grinch Bot spikes from 0% to 99% of the total bot requests for the duration of the sale, and then once the inventory is gone, it disappears until the next drop.
U.S. Leads the Globe in Black Friday Attacks - But China Took the Holiday Off
During the period between Black Friday and Cyber Monday, Kasada saw the majority of bad bots coming from the USA, followed closely by Australia and the United Kingdom.
Past research has shown that attacks originating from China are typically near the top of any botting activity list, but during this time period China was 6th at only 2.3% of overall bad bot traffic. This suggests that post-Thanksgiving holiday sales are more of a western trend, even amongst botters.
Kasada researchers continue to observe the use of residential proxy networks to hide bots within seemingly legitimate traffic. Within the United States, bot operators have purchased IP addresses that are specific to a retailer's historical traffic, making it difficult for eCommerce providers to distinguish between good and bad traffic.
Kasada currently protects more than $20 billion in eCommerce traffic annually, $10 billion in gift cards, and hundreds of millions of account logins.
Kasada is the most effective and easiest way to defend against advanced persistent bot attacks across web, mobile, and API channels. With Kasada, trust in the Internet is restored by foiling even the stealthiest cyber threats, from credential abuse to data scraping. The solution invisibly stops automated threats while inflicting financial damage to attackers, destroying their ROI. With the ability to onboard in minutes, Kasada ensures immediate and long-lasting protection while empowering enterprises with optimal online activity. Kasada is based in New York and Sydney, with offices in Melbourne, San Francisco, and London. For more information, please visit www.kasada.io and follow on Twitter, LinkedIn, and Facebook.
Rethinking the Organization: Success Strategies for Hybrid Work
Session Details TBA
Blockchain Keynote: Reinventing Higher Education