As Black Friday approaches, retailers are gearing up for the inevitable surge in online traffic. But cybercriminals are also preparing for this high-stakes season, fine-tuning their bot attack strategies to exploit inventory, pricing, and customer accounts. To shed light on these threats and what retailers can do to prepare, we consulted five experts from Netacea who shared their insights on the bot attack landscape during Black Friday and beyond.

Welcome back to our Evolution of Scalper Bots series from the Netacea Threat Intel Center. In our previous blog, we reviewed the early days of anti-bot legislation and its limitations, especially around ticket scalping. Traditional defenses like CAPTCHA quickly became insufficient, which spurred the development of bot management solutions.

Bot attacks are evolving to become more sophisticated. Attackers have built businesses around the data and assets they extract with bots, so they constantly seek ways to bypass defenses. Developers work tirelessly to assess bot defenses and find new methods to evade them. Traditional, client-side defenses are visible to attackers, making it easier for them to bypass. But even advanced defenses must stay alert, embedding bot expertise to keep pace with these evolving tactics.

Welcome back to our Evolution of Scalper Bots series. In our last post, we explored how scalper bots expanded into new markets from 2010 to 2014. We saw the scalper bot industry rise and a technological arms race begin between developers and retailers. As we delve into the period of 2015 to 2017, this battle intensifies. Scalper bots become more sophisticated, retailers implement new countermeasures, and legal challenges emerge.

Content scraping is on the rise. While it can benefit your business in some cases, it can also lead to lost revenue, degraded website performance, and content theft. Web scraping is a hot topic in tech news. This trend links to the rise in AI tools, specifically LLMs (large language models), which rely on content to generate their outputs. They scrape content from across the web to train these algorithms. This is a controversial subject with moral, technical, and legal implications.

As a security professional considering a robust bot defense strategy, it’s important to understand the ever-evolving nature of bot threats and the critical need for a scalable, robust solution. Traditionally, businesses rely on agent-based bot management solutions, also known as client-side or front-end detection, by deploying small pieces of software (agents) on customer devices to detect malicious activity. However, these approaches carry significant risks.

At 8:00 on Saturday, 31st August 2024, millions of people were poised to be part of pop culture history. Four days earlier, on 27th August, seminal Britpop heavyweights Oasis shocked the music world by finally confirming their long-awaited reunion. The reconciliation of brothers Liam and Noel Gallagher sent fans into a frenzy. For millions worldwide, it was essential to get tickets to one of the 17 announced gigs. The demand was enormous.

Welcome back to the next blog in our Evolution of Scalping series. During our last blog we covered the landmark case that exposed the power of automated purchasing – Wiseguy Tickets. We detailed their operation and their use of bots, which allowed them to snatch up huge volumes of available tickets for high-demand events.

Welcome back to our Evolution of Scalper Bots series. In part one, the Origins of Scalping, we started our journey through scalping’s long history. We saw that it is far from a new concept: people have been reselling high-demand items for centuries, from as far back as 325 BCE! We’ll continue our journey at the turn of the 21st Century. With the advent of online ticketing, a new frontier had just been opened for scalpers, and things would never be the same again.

In recent weeks we’ve covered how criminals use bots to steal accounts across the web. Credential stuffing tools make this easy and quick to do. If you missed it, watch a live demo of the process in this webinar. In this post we’ll look in more detail at what happens next. How do criminals monetize stolen accounts? To answer this, we’ll use the example of streaming services – one of the quickest and easiest commodities for crooks to shift and make a quick profit.