How Bot Manager Protects E-Commerce from ATO Attacks on Black Friday


Black Friday, the day after Thanksgiving, is one of the most eagerly awaited shopping events of the year, marking the unofficial start of the holiday shopping season. For retailers, it is an excellent opportunity to boost sales, clear inventories, and attract a massive influx of customers, both online and in-store. However, this surge in activity also catches the eye of cybercriminals, specifically those engaging in Account Takeover (ATO) attacks.

Understanding Account Takeover Attacks

Account Takeover attacks are nefarious attempts by cybercriminals to gain unauthorized access to users’ accounts on various platforms. These attacks often involve using stolen or leaked credentials (usually obtained from previous data breaches and leaks, and often sold on shady dark web marketplaces) to hack into and exploit customers’ accounts. Criminals use these credentials in ‘credential stuffing’ attacks to try to gain access to user accounts, or mount ‘credential cracking’ attacks that input random characters to try to eventually guess the right log-in credentials. Compromised accounts can then be abused for fraudulent activities, data theft, identity fraud, or even financial crimes.
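
Credential stuffing and credential cracking, as described above, leave different shapes in login logs: many accounts tried about once each versus many guesses against one account. The following Python is an added example, not Radware's code or Bot Manager logic; the event format, thresholds, and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed login events (source_ip, username, success); IPs are documentation ranges.
SAMPLE_EVENTS = (
    [("203.0.113.10", f"user{i}@example.com", False) for i in range(8)]
    + [("203.0.113.10", "user8@example.com", True)]         # a leaked pair that worked
    + [("198.51.100.7", "alice@example.com", False)] * 10   # repeated guesses, one account
    + [("192.0.2.55", "bob@example.com", False),            # a customer's typo, then success
       ("192.0.2.55", "bob@example.com", True)]
)

def classify_sources(events, min_failures=5, ratio=0.8):
    """Label each source IP by the shape of its failed logins.

    min_failures and ratio are illustrative thresholds (assumptions), not vendor values.
    """
    failures = defaultdict(lambda: defaultdict(int))  # ip -> username -> failed attempts
    verdicts = {}
    for ip, user, ok in events:
        verdicts.setdefault(ip, "normal")
        if not ok:
            failures[ip][user] += 1
    for ip, per_user in failures.items():
        total = sum(per_user.values())
        if total < min_failures:
            continue  # too few failures to judge; stays "normal"
        if len(per_user) / total >= ratio:
            verdicts[ip] = "credential_stuffing"   # many accounts, about one try each
        elif max(per_user.values()) / total >= ratio:
            verdicts[ip] = "credential_cracking"   # many guesses against one account
        else:
            verdicts[ip] = "suspicious"
    return verdicts

def accounts_to_review(events, verdicts):
    """Accounts with a successful login from a flagged source: candidates for reset."""
    return sorted({user for ip, user, ok in events
                   if ok and verdicts.get(ip, "normal") != "normal"})

if __name__ == "__main__":
    result = classify_sources(SAMPLE_EVENTS)
    print(result)
    print(accounts_to_review(SAMPLE_EVENTS, result))
```

Grouping by source IP is a simplification; traffic spread across many sources needs additional grouping keys before the same ratios become meaningful.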

During the holiday season, especially around Black Friday, cybercriminals see a prime opportunity to exploit unsuspecting customers. The high volume of online transactions and the potential for lucrative gains make this time a hotbed for ATO attacks.

The Far-Reaching Impact of ATO Attacks

The implications of ATO attacks extend beyond immediate financial losses. Here is a closer look at the multifaceted impact:

1. Financial Losses
Successful ATO attacks can lead to financial drains on both consumers and businesses. Cybercriminals exploit compromised accounts for unauthorized transactions, causing direct monetary losses to individuals. For businesses, these unauthorized transactions can result in chargebacks, order cancellations, and revenue deductions, amplifying the financial strain.

2. Reputation Damage
The negative publicity stemming from ATO attacks can severely tarnish a retailer’s reputation. Customers who fall victim to these attacks are likely to publicly air their grievances, which dissuades others from shopping with the affected retailer. Building trust takes time—but losing it can happen swiftly.

3. Legal and Regulatory Repercussions
The fallout from ATO attacks is not confined to the digital realm. Legal and regulatory authorities are increasingly vigilant about data breaches and security lapses. Falling victim to ATO attacks can land businesses in legal trouble, resulting in fines, lawsuits, and compliance challenges.

4. Customer Trust and Loyalty Erosion
ATO attacks can shatter customer trust, resulting in a loss of customer loyalty. Once customers perceive a retailer as unsafe or negligent with their data, winning them back becomes a significant challenge.

Attack Snapshots

In the weeks leading up to Black Friday 2022, an e-commerce portal protected by Radware Bot Manager witnessed an alarming surge in bad bot traffic. Fraudsters targeted its websites with almost 54 million bot hits within the space of a week to carry out several types of malicious activities:

  • With a peak bot activity of 9.1 million hits in a single day, over 6 million bad bot hits were stopped every day.
  • For the recorded duration, bad bots escalated to more than 55% of the website traffic, with more than a million unique user agents deployed.

Also blocked were more than 16.9 million content scraping attempts on another retailer—usually carried out by upstarts and competitors looking to copy valuable proprietary content such as product images, descriptions, and customer reviews.

2 million bot hits on APIs (Application Programming Interfaces) were blocked by Bot Manager for an e-commerce firm in the weeks leading up to Black Friday, further preventing significant volumes of fraud and theft perpetrated on the company and its customers.

Without protection from Radware Bot Manager, these e-commerce websites would have incurred high damages during the Black Friday sales period—in addition to the resources needed to deal with customers’ complaints and the time and effort needed to resolve them.

For an in-depth look at ATO and other bot attacks on E-Commerce operators, read our full Black Friday Report.

To learn if your website is secure against bot attacks, take advantage of our free Bad Bot Vulnerability Scanner service.

Neetu Singh

Neetu Singh is a cybersecurity solution lead with Radware. In her role, she specializes in application security and threat intelligence, working closely with Radware's product and threat research teams. Here she has led marketing initiatives, partnerships, collaborations, and campaigns for enterprise and SMB markets. She frequently writes about cloud trends, industry 4.0 and SMAC (social, mobile, analytics and cloud) among other topics. Neetu holds an MBA in marketing from NMIMS University in Mumbai.
