As nations and communities adjust to our changing world in the face of the coronavirus outbreak, we continue to see interesting patterns in online traffic and bot attacks. We outlined some of our initial findings in last week’s post, which highlighted traffic and attack surges in segments such as food, food delivery and home goods. This week, we dive deeper into new segments, including e-learning, which is exploding, and travel, which is showing a major spike in bot scraping attacks. Both e-learning and travel are also seeing large increases in account takeover (ATO) attacks.
Web Traffic Surges in E-learning
It comes as no surprise that traffic in the e-learning segment has increased since January as more schools are requiring students to stay at home. This trend continued last week, when we saw a very large spike in e-learning traffic overall, with good traffic up 146% and bad bot traffic up 123% week over week (figure 1). Friday is typically a slow day of the week for e-learning activity, but traffic peaked on Friday, March 20, which saw a 222% increase over the previous Friday. We believe this is an indicator that traffic in this segment will continue to trend up.
Figure 1: Overall e-learning traffic is spiking.
While overall traffic soared due to demand for e-learning from adults and children staying at home, malicious bot traffic also spiked. In fact, malicious traffic as a percentage of overall traffic was higher in March than in any other period this year (figure 2).
Figure 2: Malicious traffic as a percentage of total traffic is increasing in the e-learning segment.
Overall, the e-learning segment is seeing an increase in malicious bot traffic executing ATO attacks (figure 3). Malicious traffic as a percentage of overall e-learning traffic is also increasing, and is trending above 85% of all login attempts (figure 4). In ATO attacks, criminals use stolen usernames and passwords to take unauthorized ownership of online accounts. In this case, the attacker gains access to the privileged content (classes and learning materials) and can then resell access at a lower cost, or steal the content and offer it on other platforms.
Figure 3: E-learning ATO attacks are up.
Figure 4: E-learning ATO attack rate as a percentage of overall login traffic is rising.
Web Attacks Continue in Travel and Hospitality
While demand for travel and hospitality services has dropped in light of health concerns and travel bans (figure 5), attackers continue to work hard, with malicious traffic increasing in volume over this period. As a result, malicious traffic is increasing as a percentage of overall traffic (figure 6). The growth in malicious traffic is especially interesting because it is mostly fueled by competitive scraping attacks (figure 7) operated by other travel sites, which don’t appear to be slowing down their investment in competitive scraping. Competitors may be using automated price scraping bots to match or beat each other’s pricing and take what little travel business remains away from each other.
Another trend that we see in this segment, aligned with global trends in other verticals, is an increase in ATO traffic as a percentage of all login attempts, with attacks growing larger and more frequent (figure 8).
Figure 5: Total traffic on travel and hospitality sites is down.
Figure 6: Malicious traffic as a percentage of overall traffic is increasing in travel and hospitality.
Figure 7: Scraping traffic as a percentage of overall search traffic is increasing in travel and hospitality.
Figure 8: ATO as a percentage of overall login traffic is surging in travel and hospitality.
Next week we will share more information on how the shift to digital business in the face of the coronavirus pandemic is impacting different vertical markets, and we will discuss how the situation is evolving. You can subscribe to the PerimeterX blog to stay up to date.