Bots compose 42% of overall web traffic and almost two-thirds (65%) of these bots are malicious, according to a new State of the Internet (SOTI) report from cloud company, Akamai Technologies.
With its reliance on revenue-generating web applications, the e-commerce sector has been most affected by high-risk bot traffic. Although some bots are beneficial to business, web scraper bots are being used for competitive intelligence and espionage, inventory hoarding, imposter site creation, and other schemes.
There are no existing laws that prohibit the use of scraper bots, and they are hard to detect due to the rise of AI botnets, but there are some things companies can do to mitigate them, according to Akamai Technologies director of security technology and strategy for Asia Pacific and Japan, Reuben Koh.
“Every business with an online storefront relies on web scraper bots to some extent. The challenge arises when these bots are misused, as their similar functions make it difficult to distinguish between beneficial and malicious ones. It is then compounded by the rapidly evolving scraper landscape which renders traditional defenses like firewalls ineffective,” he said.
“Now, more than ever, e-commerce businesses, especially in APJ which is a key global commerce hub, must invest in solutions that are fit for purpose, capable of adapting and keeping up with the unpredictable and iterative attacks posed by malicious bots – especially if they are looking to regionalise and expand their customer base, opening them up to further threats.”
The report found that AI botnets have the ability to discover and scrape unstructured data and content that is in a less consistent format or location. In addition, they can use actual business intelligence to enhance the decision-making process through collecting, extracting, and then processing data.
Scraper bots can be leveraged to generate more sophisticated phishing campaigns by grabbing product images, descriptions, and pricing information to create counterfeit storefronts or phishing sites aimed at stealing credentials or credit card information.