Bots, which are responsible for credential stuffing attacks, pose a major threat to retailers. But new research from Netacea, which looked at data across the e-commerce, travel, entertainment, and financial services sectors, finds most businesses are ill-prepared to mitigate the threat of bots.
Bots are used to pull off credential stuffing attacks using stolen access information, like usernames and passwords, which criminals find or purchase on the Dark Web after they are leaked in a data breach. Hackers employ bots to sign into multiple accounts. The bots can attempt several logins, and appear to originate from different IP addresses, and as a result can get around security measures.
“With over half of web traffic today generated by bots, this implies that businesses are unaware of a great deal of the bot traffic on their sites”
The survey, The Bot Management Review: The Challenge of High Awareness and Limited Understanding, found businesses have a solid awareness of how bot attacks can negatively affect a business, with more than 70 percent acknowledging they are aware of the most common bot attacks, including credential stuffing and card cracking. And most, 76 percent, said they have been the victim of a bot attack.
But respondents also said only 15 percent of their web application resources are taken up by bots. Netacea said this points to a lack of preparedness to fight the bot problem.
“With over half of web traffic today generated by bots, this implies that businesses are unaware of a great deal of the bot traffic on their sites,” said Netacea in a summary of the findings.
Netacea also said the survey uncovered a lack of awareness about the dark market sites where customers’ usernames and passwords are bought and sold, with only 1 percent of respondents saying they are familiar with these illegal sites.