Application Security: Operating in the Pandemic - New trends in web traffic and attack patterns - PerimeterX
Research Paper Application Security: Operating in the Pandemic New trends in web traffic and attack patterns
We are in an unprecedented time with COVID-19. Around the world, we have seen decisive actions taken to prevent a catastrophic scenario where health care systems are overwhelmed and care is rationed due to lack of ventilators, beds and trained medical staff. We know that “social distancing” is critical. Families and individuals are spending more time in their homes or outdoors at a six-foot distance from others, and many common daily interactions are moving online. Virtual meetings are often the only way for families and organizations to have face-to-face connections. People are ordering online and relying on delivery services to avoid going to stores. This is particularly pronounced for food, groceries and basic household goods, items that people had previously purchased in physical locations.

As we have observed over the years, the trends we see in daily life and in online activities are often reflected in the trends we see in the cyber security world. The coronavirus disruption is no exception.

Web Traffic Surges in Food, Food Delivery and Home Goods

Since January 2020, overall web traffic across the e-commerce industry has remained fairly constant, but since the announcement of “shelter in place” in cities around the world, we have seen large traffic surges as well as increases in conversion rates in certain segments. As expected, the amount of malicious traffic in the e-commerce industry has increased as well. Here are highlights for key segments:

Food and Food Delivery: From mid-January to mid-March, these segments experienced a 41% increase in traffic. Since March 1, the industries’ conversion rate has soared by 80%. This means that shoppers are more decisive and that orders are growing at a faster rate than the traffic growth alone.

Figure 1: Food delivery traffic spikes – both bots (red) and legitimate users.

Furniture and Home Goods: Similar to the Food and Food Delivery segment, we see an increase in conversion rates in the home goods sector, up 37%, with daily purchases up more than 120% when compared to the daily rates we have seen prior to the lockdown period (figure 2).

Figure 2: Completed purchases in home goods online stores.

During February and March of 2020, we have seen that this segment experienced an increased number of account takeover (ATO) attacks. An ATO attack occurs when someone gains unauthorized access to an online account. Our research data shows these attacks comprised almost 80% of all login attempts. All three datapoints, across figures 2 and 3, show a significant upward trend, from user traffic to attack traffic to conversions.

Figure 3: Increased ATO attacks (in red) on Home Goods retailers. The blue line represents legitimate log-ins.

Additionally, we have seen some sites experience larger spikes in single-day traffic during March than they saw during the last Cyber Monday, in some days more than 300% of the Cyber Monday peak (figure 4).

Figure 4: In some segments, the daily traffic during some days in March is more than double the peak of Cyber Monday.

For the home segment, we have seen a trend of legitimate traffic growth, with an increase of 26% during the last two weeks of March as compared to the first half of the month. Malicious traffic grew at a similar pace of 25% in that period (figure 5). This was expected given worldwide policies that included social distancing, curfews, and stay-at-home orders.

Figure 5: Online home goods purchases continue to grow together with attacks on these sites.

As legitimate traffic and purchases increased, we have seen that malicious traffic as a percentage of the overall traffic remained high, between 30% and 40%, indicating that attackers also escalated their efforts (figure 6).

Figure 6: Home goods malicious traffic as a percentage of overall traffic remains high while overall traffic grows.

Cyber Threats Beyond ATO Attacks

The buying habits of customers were another interesting find. As we have seen playing out on the empty shelves in stores, toilet paper is a popular item. Since March 11, searches for toilet paper have increased significantly, peaking at 1400%. Unexpectedly, we see that searches for outdoor furniture doubled since January. This behavior across basic items can create a new opportunity for web scraping attacks from competitors and counterfeit retailers, which can harm businesses.

Figure 7: Recent buying trends show increases in high-demand products.

Besides an increase in ATO attacks, the rise in malicious traffic can also be attributed to a rise in scraping attacks to capture key price and inventory data.

Figure 8: Scraping bot traffic (in red) in overall e-commerce segment.

Our hypothesis is that increased competition for business in key segments has fueled scraping growth as competitors seek to capture more online customers with deals and pricing offers. Scraping growth has been concentrated on hot items such as toilet paper, face masks and disinfectants. Historically, we have seen scraping for general merchandise fueled by competitive inventory and price collection, but recently we see new scrapers that are typically used by hoarders trying to get their hands on highly coveted items.

Dynamic Markets: Online Fashion is Rising

Since early February, the online fashion segment, including clothing, streetwear, sportswear and cosmetics, has seen an overall rise in web traffic. With physical stores closed due to the pandemic, an increase in good traffic could be a positive sign for fashion e-tailers. It is also interesting to note that the rise in traffic for fashion and clothing spiked two weeks after traffic to general merchandise spiked. It appears that once people adjusted to the “new normal” and addressed their basic product needs, new online shopping habits for non-essential products emerged. It’s important to note that this rise in traffic was also fueled by promotions and sales offered broadly by different brands and retailers. In particular, the last week in March was notable as the industry saw a 27% increase in good traffic week over week, and a 177% increase in malicious traffic, driven by ATO attacks, price scraping and hoarding (figure 9).

Figure 9: Overall fashion traffic is increasing. Red represents malicious requests.

Cybercriminals follow the money, and are doubling down on their attacks during this sensitive period. Specifically for online fashion retail, we have seen spikes in account takeover (ATO) attacks that are 495% higher than the average daily rate seen previously (figure 10). In the last week, ATO attempts were 90% higher than the previous week and 143% higher than the first week of March (figure 10). Because it is relatively easy to break into online accounts and monetize them, websites have become the new banks for attackers, and that’s why ATO is big business for cybercriminals looking to cash in. Attackers seek to gain access to monetary information, such as credit cards, gift cards, loyalty points, and marketplace credits from accounts that users might not monitor regularly.

Figure 10: Login traffic on fashion retail sites during March by day (above) and weekly (below).

How Website Owners Can Protect Their Business and Their Customers

It is crucial to be vigilant, especially during periods of higher traffic, since web attacks follow the traffic trends. There are five major bot threats that businesses need to be aware of and ready to address. Do the following in order to combat the bot attacks:

• Regularly analyze server logs and traffic logs to look for noticeable changes. This advice spans all attack types. Your log analysis tools should be able to handle this.
• Look for behavioral anomalies of ATOs. For example, visitors that go straight to the log-in page without clicking on any other links or scrolling around the site are likely to be bots executing an ATO.
• With regards to scraping, turn off caching in Google and look for spikes in specific category pages that are in high demand.
• Consider adopting automated web application protection technologies that can leverage sophisticated machine learning engines to spot emergent anomalies in real time and that block malicious visitors from scraping or attempting ATOs.

About PerimeterX

PerimeterX is the leading provider of application security solutions that keep your business safe in the digital world. Delivered as a service, the company’s Bot Defender, Code Defender, and Page Defender solutions detect risks to your web applications and proactively manage them, freeing you to focus on growth and innovation. The world’s largest and most reputable websites and mobile applications count on PerimeterX to safeguard their consumers’ digital experience. PerimeterX is headquartered in San Mateo, California and at www.perimeterx.com.

© 2020, PerimeterX, Inc. All rights reserved. PerimeterX, the PerimeterX logo, PerimeterX Bot Defender, PerimeterX Code Defender and PerimeterX Page Defender are trademarks of PerimeterX, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.
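
The log-review recommendation above (clients that go straight to the log-in page without visiting anything else) can be checked directly against a web server access log. The following is an added example, not PerimeterX code: the log is constructed, and the `/login` path, the 401/403 failure codes and the IP-plus-user-agent client key are assumptions.

```python
import re
from collections import defaultdict
LOGIN_PATH = "/login"            # assumption: the site's login endpoint
FAIL_STATUSES = {"401", "403"}   # assumption: failed logins return these codes
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".ico")
UA = "Mozilla/5.0 (X11; Linux x86_64)"

# Constructed sample (combined log format, documentation-range IPs).
SAMPLE_LOG = f"""\
203.0.113.7 - - [28/Mar/2020:10:00:01 +0000] "POST /login HTTP/1.1" 401 91 "-" "python-requests/2.23.0"
203.0.113.7 - - [28/Mar/2020:10:00:02 +0000] "POST /login HTTP/1.1" 401 91 "-" "python-requests/2.23.0"
203.0.113.7 - - [28/Mar/2020:10:00:03 +0000] "POST /login HTTP/1.1" 401 91 "-" "python-requests/2.23.0"
198.51.100.23 - - [28/Mar/2020:10:01:00 +0000] "GET /login HTTP/1.1" 200 4312 "-" "{UA}"
198.51.100.23 - - [28/Mar/2020:10:01:01 +0000] "POST /login HTTP/1.1" 401 91 "-" "{UA}"
198.51.100.23 - - [28/Mar/2020:10:01:02 +0000] "POST /login HTTP/1.1" 401 91 "-" "{UA}"
198.51.100.23 - - [28/Mar/2020:10:01:03 +0000] "POST /login HTTP/1.1" 302 0 "-" "{UA}"
192.0.2.10 - - [28/Mar/2020:10:02:09 +0000] "GET /category/outdoor-furniture HTTP/1.1" 200 8450 "-" "{UA}"
192.0.2.10 - - [28/Mar/2020:10:02:10 +0000] "GET /static/site.css HTTP/1.1" 200 2200 "-" "{UA}"
192.0.2.10 - - [28/Mar/2020:10:02:30 +0000] "POST /login HTTP/1.1" 302 0 "-" "{UA}"
192.0.2.44 - - [28/Mar/2020:10:03:00 +0000] "GET /product/123 HTTP/1.1" 200 7000 "-" "{UA}"
192.0.2.44 - - [28/Mar/2020:10:03:31 +0000] "POST /login HTTP/1.1" 302 0 "-" "{UA}"
"""

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
                     r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def summarize(log_text):
    """Per client (IP + user agent): login POSTs, failed logins, browsing page views."""
    clients = defaultdict(lambda: {"login": 0, "failed": 0, "pages": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the review
        c, path = clients[(m["ip"], m["ua"])], m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path == LOGIN_PATH:
            c["login"] += 1
            c["failed"] += m["status"] in FAIL_STATUSES
        elif m["method"] == "GET" and path != LOGIN_PATH and not path.endswith(STATIC_EXT):
            c["pages"] += 1  # fetching the login form itself is not browsing
    return clients

def direct_to_login(clients, min_attempts=3):
    """Clients that submit logins repeatedly without viewing any other page."""
    return sorted(k for k, c in clients.items() if c["login"] >= min_attempts and c["pages"] == 0)

def flagged_login_share(clients, flagged):
    """Fraction of all login attempts that come from the flagged clients."""
    total = sum(c["login"] for c in clients.values())
    return sum(clients[k]["login"] for k in flagged) / total if total else 0.0
```

Keying on IP plus user agent undercounts attacks that rotate addresses, so a flagged client is a lead for review rather than a verdict.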