Blog, Events & News
The biggest bot threats to your brand in 2021
In our recent webinar Netacea’s Head of Threat Research, Matthew Gracey-McMinn and Head of eCommerce, Thomas Platt, delved into the top threats set to shape the bot landscape in 2021.
2020 saw an increasing number of bot-based attacks as everything moved online. From online shopping to working from home, the pandemic has changed the way we interact, communicate and consume. As internet activity increased, so did the opportunity to exploit users. And as a result, we saw bot attacks grow in prominence across the globe.
To discover which bot threats will pose the greatest threat to your brand in 2021, watch the webinar on-demand or catch the highlights in this handy roundup blog.
Evolving bot threats in 2021
The increase in online activity has made scalper, account takeover and carding attacks extremely appealing, as attackers seek to profit from shifting consumer behaviour. As lockdown begins to ease but restrictions are expected to remain in place for some months, we predict that the level of internet activity across the globe will remain high. So, why are these three specific bot attacks set to remain centre stage in 2021?
What are the top bot threats in 2021?
- Scalper bots
- Credential stuffing
- Carding attacks
The rise of the scalper bot
A scalper bot – often referred to as a sneaker bot – is used to automate part of, or the entirety of, the purchasing journey of goods or services through non-human means. They allow the attacker to automatically monitor websites for a selected target and place objects into the shopping cart, ready to resell or proceed straight to purchase.
Scalper bots are becoming increasingly well known as attackers target high-end ‘hot drops’ –whether it’s designer trainers or the new PS5 – and consequently receive extensive media coverage. Furthermore, the scalper bot industry is becoming increasingly professionalised as sub-industries develop, the number of scalper bot actors grows, elite bot groups come to the forefront, and cook communities and hybrid groups form. Many groups also receive significant investment.
Credential stuffing is on the up
Credential stuffing is a common account takeover technique used to gain brute force access to an account by continually, automatically injecting usernames and passwords into website login forms until they get a match. There are currently more than 15 billion attacks in circulation – up 300% from 2018.
During Covid-19 lockdowns, streaming services have become even more prolific. Accounts for these services have resale value, and attacks are very low risk with potentially very high payouts. Saved payment details mean attackers can impersonate users and gain access to streaming services with ease. Both consumers and businesses are exposed to risks, with the attacker able to carry out a range of illicit and often fraudulent activity once they have gained access.
Beware of carding attacks
Carding is the illegal use of credit or debit cards by unauthorised people – or ‘carders’ – to buy a product. It typically starts with an attacker gaining access to a store or website’s credit card processing system. Attackers test lists of payment card data to check for valid details, and small purchases are often made to validate the correct payment details and avoid suspicion.
As more people went online to buy groceries and other essentials during 2020, we saw more attacks targeting customer credentials. There are more, and smaller, stores online than ever before, and supporting online stores has become more popular, providing a prime opportunity for carders.
Protecting against bot threats in 2021
At Netacea we take a consultative approach to bot management. We work closely with you to understand not only the threats bots pose to your business in 2021 and beyond, but how our solution fits into your wider strategy and organisation.
Paired with our server-side approach and innovative Intent Analytics™ technology, this allows us to seamlessly integrate with your business and deliver accurate, intelligent and effective bot mitigation against this year’s most sophisticated threats.
Sign up for a personalised demo and find out how Netacea detects and mitigates against sophisticated bot attacks.
Take back control over your system.