The Evolution of Bad Bots from Grinchbots to Parasitic Bots-as-a-Service

The doomsday pandemic prediction is that you won’t be able to buy toilet paper because bad bots will have hoarded all the inventory and are offering it to the highest bidder on secondary markets at an exorbitant mark-up.

The Gaming Console War

Scalping bots were once confined to tickets for sporting events or concerts. Recently, they have become increasingly prevalent in ecommerce and online retail, with newly released gaming consoles being scalped by Grinchbots over the holiday period. Parents everywhere are frustrated that they couldn’t buy these gaming consoles online because they were quickly purchased by denial of inventory bots. To make matters worse, parents are hearing from their children that these same consoles are still available on secondary markets but at double the original retail price.

A Grinchbot Every Second

So what’s happening? Online retailers that sell these high demand items have these products on their website. Inventory checking bots on these product pages are checking at the rate of more than once a second to see if the item is available — all day, around the clock. That means that if a new shipment comes into that retailer, bots will purchase over 60 items in the first minute, until the inventory is gone. Good luck being a human hoping to grab one from that specific page. The harsh reality is that automation is simply faster and more efficient than a human at this type of repetitive task.
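A defender can look for this polling pattern in web server access logs. The sketch below is an added example, not code from the original post; the log format, the thresholds (60 requests per minute, sustained across several clock hours), the addresses and the `/product/console` path are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TS = "%d/%b/%Y:%H:%M:%S %z"
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" \d{3}')

def inventory_pollers(lines, per_minute=60, busy_minutes=3, hours=3):
    """Return {(client, path): stats} for clients that request one page at
    >= per_minute in >= busy_minutes minutes spread over >= hours clock hours."""
    counts = defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not GET requests in this format
        ip, stamp, path = m.groups()
        minute = datetime.strptime(stamp, TS).replace(second=0)
        counts[(ip, path, minute)] += 1
    busy = defaultdict(list)
    for (ip, path, minute), n in counts.items():
        if n >= per_minute:  # at least one request per second in this minute
            busy[(ip, path)].append(minute)
    flagged = {}
    for key, minutes in busy.items():
        active_hours = {m.replace(minute=0) for m in minutes}
        # A single burst is not enough: require the rate to recur across hours.
        if len(minutes) >= busy_minutes and len(active_hours) >= hours:
            flagged[key] = {"busy_minutes": len(minutes), "hours": len(active_hours)}
    return flagged

def constructed_log():
    """Constructed sample: a poller, an impatient shopper, a casual shopper."""
    start = datetime.strptime("01/Dec/2020:00:00:00 +0000", TS)
    row = '{} - - [{}] "GET /product/console HTTP/1.1" 200 512'
    def hit(ip, **offset):
        return row.format(ip, (start + timedelta(**offset)).strftime(TS))
    log = [hit("203.0.113.7", hours=h, seconds=s)        # 1 req/s for 2 min,
           for h in (0, 6, 12, 18) for s in range(120)]  # four times a day
    log += [hit("198.51.100.23", hours=12, seconds=s / 2)  # one minute of
            for s in range(120)]                           # frantic refreshing
    log += [hit("192.0.2.44", hours=12, minutes=m) for m in (5, 9, 40)]
    return log

if __name__ == "__main__":
    for (ip, path), stats in inventory_pollers(constructed_log()).items():
        print(ip, path, stats)
```

Only the client that repeats the once-a-second rate across several hours is flagged; the shopper who hammers refresh for one minute is not, which keeps the rule aimed at the around-the-clock behaviour rather than at eager humans.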

And this year, chip makers have also released their latest CPUs to improve the performance of PCs. Enthusiasts looking for these items are also suffering from the lack of availability because of the scourge of Grinchbots purchasing them to re-sell elsewhere at a significant premium.

Bots Buy Sneakers Too

It’s not just about gaming consoles or PC components; limited edition sneakers and fashion items are also the target of bots. Sneakerbots cost only a few hundred dollars to purchase and provide a technological advantage to anyone looking for the latest pair of sneakers.

Bad Bots are a Quarter of Internet Traffic

With 24.1% of all traffic being bad bots, this problem is significant and has grown larger in recent years. In fact, the vast majority of cyber attacks today are launched by bots. But Grinchbots and Sneakerbots are just a slice of the total bad bot traffic. There are bots scraping content or prices. There are bots running stolen credentials against login pages in order to perform account takeover and commit fraud with whatever is inside these compromised accounts. There are bots stealing gift card balances. There are bots placing spam comments riddled with malware links into forms and comment sections. If a functionality is available on a website, it’s unfortunately inevitable that a bot is being used to exploit it.

But why is this happening? The answer lies in the fact that bots are run by people. And these bot operators are paying their mortgage by running these bot operations. There is an infrastructure in place within the bot ecosystem. First, there are bot builders making the bot technology available for purchase online. Second, there are bot operators who buy and run these bots to purchase sneakers, tickets, gaming consoles, or any high-demand or limited-edition items for resale at a premium. Finally, bots have now evolved into bots-as-a-service: businesses that operate on the backs of others like parasites. Under the guise of offering business intelligence, there are now seemingly legitimate businesses using bots to scrape information and re-sell it to others as ‘business intelligence services’. These businesses succeed and survive on their ability to successfully run bots. This is why the bot problem isn’t going away and the number of bad bot use cases is only going to increase. Too many livelihoods are invested in bots.

So if the market characteristics that encourage the use of bots are high demand, scarce, or limited edition items, is it not inevitable that bots will eventually be used to hoard high demand items if a shortage occurs? In the US, the pandemic has already seen empty shelves for toilet paper. If there are Grinchbots and sneakerbots, then why not toilet paper bots? Let’s hope not.


*** This is a Security Bloggers Network syndicated blog from Blog authored by Edward Roberts. Read the original post at:


Edward Roberts

Edward Roberts is the VP Marketing at Neosec. Prior to Neosec, Edward led marketing strategy for the application security portfolio at Imperva. Previously, he led marketing at two application security companies through acquisition including Distil Networks (acquired by Imperva) and Mykonos Software (acquired by Juniper Networks).
