Dark Reading is part of the Informa Tech Division of Informa PLC

Pandemic Pushes Bot Operators to Redirect Efforts

As demand for travel, lodging, and concerts plummeted in 2020, bot traffic moved to more popular activities, such as e-commerce, healthcare, and government sites.

Shifts in consumer activity due to the coronavirus pandemic altered the activity of automated software programs, also known as bots, in 2020, according to a new Imperva report.

Healthcare and gambling sites saw notable increases in bots — both those labeled "good" and "bad" by the web application security firm. Bots accounted for 35% of traffic to healthcare sites, up from 21% in 2019, and 34% of traffic to gambling sites, up from 19% in 2019. While bot traffic to healthcare sites climbed throughout the year — almost quadrupling by the end of 2020 — both e-commerce and government sites saw a significant increase only in the last quarter.

The surge in bots to e-commerce sites coincided with the release of next-generation gaming consoles, while the influx of traffic to government sites may be related to the US elections, says Edward Roberts, director of strategy at Imperva.

"The model here is that bots will go wherever they can make money," he says. "And we expect them to jump to other industries, if there is high demand — and if it is something vital or life-threatening, then [how we respond] becomes even more important."

The report focuses on bad bots, which the company sees as a threat to its customers. 

Some of the automated activity would likely be considered malicious by most observers. Hustlers who use automation to hoard in-demand items and gouge consumers, and cybercriminals who use bots to attempt credential-based attacks, such as credential stuffing or password spraying, both run bad bots that most would also consider malicious.

Imperva calls such bots "the pandemic of the Internet."

"Bad bots interact with applications in the same way a legitimate user would, making them harder to detect and block," Imperva states in the report. "They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities."

The report found that the actual pandemic affected bot operators in different ways. Changes wrought by stay-at-home orders offered new opportunities for those who wanted to use automation to collect data, while closing off other opportunities. Ticket scalpers, who usually descend on popular concerts to buy tickets, found themselves suffering diminished profits, for example.

"[T]he pandemic resulted in a reduction of traditional scalpers' sources of income," the report stated. "Concerts and sporting events were canceled or took place without live audiences."

Yet, at the same time, a variety of goods — from masks to gaming consoles — became the target of scalpers and hoarders. And with supply chain disruptions causing shortages, scalpers also found additional opportunities to hoard desired goods and bilk consumers.

The divide between good bots and bad bots is pretty fluid because much of the Internet relies on bots. Search firms crawl websites to create indexes and deliver results for specific queries. Other companies rely on scraping data from sites to offer consumer services. While businesses may want to block the leak of such information, most other Internet users would not consider these activities to be bad. In fact, a US appeals court upheld the legality of data analytics firm HiQ Labs scraping data from LinkedIn in a 2019 ruling.

However, from a business perspective, any activity that is not human is often considered bad. Anti-bot service provider Kasada clarified that "if you're serving up traffic to bots, you're spending money on infrastructure, systems, tools, and personnel that you shouldn’t have to."

However, Imperva's report warned — without evidence — that increased activity to healthcare sites could presage the hoarding of vaccine appointments. Noting the existence of sites such as TurboVax, which uses automated scanning to help people find open vaccine appointments, the company raised the question of whether scammers could use bots to reserve, and then resell, time slots for vaccine appointments. 

"These helpful bots were created with good intentions, but it’s not far-fetched to imagine others creating similar tools in order to sell the appointment to the highest bidder for the opportunity to jump the queue," the report states.

Asked about the statements, Roberts clarified that the company had actually dismissed the theory.

"People aren't hoarding vaccine appointments — we put that [question] to ourselves and that doesn't seem that they could resell those slots," he says. "I think it is more people creating these helpful bots to try and help people and help society get over this once in a lifetime pandemic."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...
