Introduction

Black Friday is a popular shopping event throughout the United States of America and around the world. During Thanksgiving weekend and Cyber Monday (the Monday after Thanksgiving), thousands of companies offer steep product discounts that are not available at any other time, and consumers rush to buy these items while they are available. This can lead motivated buyers to resort to unethical techniques to purchase products, sometimes at the expense of other potential consumers, or carry out different forms of automated attacks.

Bot Automation Against Retailers

There is an expectation among security professionals that retail companies experience increased levels of bot attacks over the holiday shopping period, especially around Black Friday. We decided to look at 2022 data from online retailers around this period to test this expectation.

Using data from retail enterprises protected by F5 Bot Defense, we analyzed automated attacks against the online retail industry during the 2022 Black Friday period. This analysis covered automation patterns and trends over this period, using data spanning 8 weeks from July 28, 2022, to November 30, 2022. By leveraging this data, the fluctuations in automated attacks observed during the Black Friday period were compared against a baseline (before and after the black Friday and Cyber Monday sale periods).

Additionally, we explored attacker behaviors, including their testing and preparatory activities. This analysis provides a holistic understanding of attack trends against online retailers during this important shopping period.

We examined:

• The overall automated traffic targeting online retail companies in the weeks leading up to Black Friday.
• The daily percentage changes in automation on web and mobile platforms.
• The automation trends across different retail industry subcategories over this period.
• The distinct types of automated attacks that targeted each of these industry subcategories.

Online retailers are constantly exposed to unwanted automation. Automated bots are used against them in many ways, including credential stuffing/account takeover, gift card fraud, carding, scraping and checkout/reseller bots, to name just a few. Let’s start things off by defining the different kinds of automated bot attacks that retailers face, as well as some specific terms we use in our analysis.

Black Friday

When we refer to “Black Friday” in this article, we are referring to the day, November 25, 2022, while “Black Friday period” refers to the week leading up to and including the Black Friday weekend and Cyber Monday i.e. November 10th-30th, 2022.

Flows

When we refer to “Flows” in this article, we are referring to a category of endpoints on a website or mobile application. A group of endpoints related to authentication would be categorized as the Login flow.

Credential Stuffing

Credential stuffing is the use of stolen login credentials to gain unauthorized access to user accounts. This is sometimes the precursor to making fraudulent purchases.

Account Takeover

Account takeover is a form of attack where an unauthorized actor gains access to a user’s online account without the account owner’s permission. This can be achieved through several means including but not limited to credential stuffing, phishing, brute force, and malware.

Gift Card Fraud

Gift card fraud involves the use of bots to guess or brute force gift card numbers and PINs. This allows fraudsters to take over gift cards and spend them before the real owners of the gift cards have a chance to redeem them.

Scraping

Scraping involves the use of bots to collect information from an online retailer’s web or mobile application. This includes information about products for sale, their prices, variations, available inventory, discounts, deals, product specs and user reviews.

Reseller Bots

Reseller bots are designed to buy high-demand commodities faster than any human can, so that the reseller can sell them on the secondary market at a profit. Reseller bots were explored in detail by Tafara Muwandi in a recent article series.

Changes in Automation and Legitimate Traffic During the 2022 Black Friday

Our first analysis looked at the changes in both automated and legitimate traffic during the run up to the 2022 Black Friday period.

Legitimate Traffic Increased

Retail companies saw an increase in legitimate traffic leading up to Black Friday in 2022. This was to be expected as companies attracted customers with significant discounts. The steep rise in the green (legitimate) traffic in Figure 1 during the highlighted period indicates this increase as legitimate customers flocked to online retailers.