E-gift Card Bot Attacks – A Deep Dive

July 14, 2020 Hugh Taylor Off Cyber Policy in the News,

E-gift card bot attacks – deep dive. Learn about tools and techniques that are used for these attacks, real attack examples, and how to protect from these attacks.

Though e-gift card bot attacks tend to stay fairly steady in the e-commerce vertical, since the COVID-19 lockdown, PerimeterX researchers saw a skyrocketing increase of 820% in such attacks , mainly in online food delivery services. In the graph below the blue line represents the legitimate traffic on e-gift card pages of multiple large online businesses, and the red line is the malicious automated traffic.

While some attacks are short and concentrated, other attacks are “low and slow,” with spikes from time to time. The sophistication of the attacks also varies, when some of the attacks tend to be more primitive or opportunistic, while other attacks are highly sophisticated, mimicking human behavior and being “custom made” for the targeted application and its specific bot protection.

In one example, a sophisticated e-gift card attack on a top five US retailer lasted around two months—a very long time for a massive bot attack. During this time, tens of thousands of requests to e-gift card pages were malicious.

Another interesting case is a top ten travel brand. This company’s e-gift card page was attacked recently, when the malicious traffic spiked, and reached up to 99% of the total traffic to the e-gift card page.

About The Author

Hugh Taylor

Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.