Radware Finds 57% of Online Shopping Traffic Now Bots, Not Buyers

“Bad bots are no longer just based on simple scripts—they’re sophisticated, AI-enhanced agents capable of outsmarting traditional defenses,” said Ron Meyran, vice president of cyber threat intelligence at Radware. “E-commerce providers and online retailers that rely on conventional security measures will find themselves increasingly exposed, not just during the holidays but year-round.”

The report highlights major bot attack trends and real-world attack data observed during the 2024 online holiday shopping season. In addition, it offers insights into the distributed, multi-vector attacks e-commerce providers and retailers can expect to battle this year.

Key findings and insights

• AI-generated bots with human-like behavior gain dominance: According to the report, bad bots made up 31% of total internet traffic during the last holiday season. Nearly 60% of the malicious traffic employed advanced behavioral techniques to evade traditional, signature-based detection. Combating these bots requires accurate AI-powered detection of attack patterns, including rotating IPs and identities, distributed attacks, CAPTCHA farm services, and other advanced anomalies, without causing false positives.
  
• Mobile-focused attacks surge: Malicious bot traffic directed at mobile platforms rose 160% between the 2023 and 2024 holiday shopping seasons, representing a fundamental shift in attacker focus. Security strategies need to be shored up and tailored for vulnerable mobile platforms and attackers using more sophisticated techniques, including mobile emulators, mobile-specific proxies, and headless browsers with mobile user-agent strings.