Bot Protection

COVID-19 Part 4: Data Tells the Story


This post is part of the COVID-19 blog series

COVID-19 Part 4: Data Tells the Story

Traffic and Attacks Rise in Freelance, Media, E-learning and Marijuana Segments

In the fourth edition of our COVID-19 data update series, we examine the traffic and attack patterns that have continued to shift dramatically across the e-commerce industry as people stay at home to help flatten the coronavirus curve. In last week’s post, we highlighted increased malicious activity in the fashion and home goods segments. This week, we explore brand new segments including freelance marketplaces and media, we revisit the surging e-learning segment, and we close with how marijuana delivery services are impacted by the pandemic.

Freelance Marketplaces are in Demand

Beginning the week of March 16, overall traffic to marketplaces for freelance services is up 27% (figure 1) as stay-at-home orders took effect throughout the US and around the world. These services are in high demand as the economy is slowing down, and are more attractive when businesses and teams are working remotely by default. During this period of time, malicious traffic is also growing but steady (figure 2) as a percentage of the overall traffic to these sites.

Traffic to marketplaces

Figure 1: Traffic to marketplaces for freelance services is growing continuously as stay-at-home orders take effect.

Malicious traffic as a percentage of overall traffic to marketplaces for freelance services is steady

Figure 2: Malicious traffic as a percentage of overall traffic to marketplaces for freelance services is steady.

Media Traffic is Up -- on Weekends and Weekdays

Traffic to media websites is up 43% from the first week of March and up 87% from mid-February, when COVID-19 cases started spreading outside of China and drawing more news and business attention (figure 3). Peak traffic is during weekdays as expected, but there is a significant increase in weekend traffic as well, so people are certainly spending more time consuming media. Surprisingly, malicious traffic isn’t growing at the same pace and remains mostly stable in this segment.

Total traffic to media sites

Figure 3: Total traffic to media sites is up from mid-February, with a sharp rise starting in March.

While malicious traffic was relatively steady for the entire period, web scraping bot traffic is significantly lower starting on March 10 (figure 4). One theory for this new pattern is that the decline in advertising has impacted scrapers negatively. Fraudsters and copyright violators scrape content from media sites to republish on other sites, often to lure users away and monetize the new traffic with ads or other less legitimate ways. With advertising budgets declining, there are fewer ways to monetize on ads so scrapers are spending their time elsewhere.

Scraping of media sites is down

Figure 4: Scraping of media sites is down 69% during the stay-at-home period.

E-learning Traffic and Attacks are Up

Revisiting the e-learning segment that we covered two weeks ago, we can see that after a huge spike during the week of March 16, when many schools were closed and moved to e-learning at home, overall traffic remains high. It has stabilized at a 110% increase - or 2.1X the previous rate - when compared to the levels seen before the initial closures. This is slightly lower than the initial peak of 146% seen that week (figure 5). Malicious traffic during this period is up 121% - or 2.2X the level prior to lockdown, and is still growing (figure 6).

E-learning total traffic is up

Figure 5: E-learning total traffic is up. Red traffic is malicious.

E-learning total malicious traffic

Figure 6: E-learning total malicious traffic as a percentage of overall traffic ranges from 30% to 50% and averages 41% during the last two weeks.

Looking at login attempts, legitimate user logins are up 192% - almost 3X. Now, attackers and fraudsters are joining the party with massive account takeover (ATO) attacks, increasing 161% or 2.6X the already high level of ATO attempts this segment suffered prior to the school closures (figure 7). ATO remains at an average of 80% to 85% (figure 8) of all login traffic, and is much higher during specific attacks.

E-learning overall login

Figure 7: E-learning overall login traffic shows an increase in ATO attempts. Red traffic is malicious.

E-learning ATO

Figure 8: E-learning ATO as a percentage of overall login traffic remains high.

Marijuana Delivery Service Traffic is High

To round out this week’s blog, it’s interesting to note that another segment benefitting from the rise of e-commerce during the pandemic is marijuana delivery services with traffic up 102% from pre stay-at-home levels (figure 9).

Marijuana delivery services traffic

Figure 9: Marijuana delivery services traffic is increasing.

Attackers quickly identified this trend. In the last 10 days attack activity is quickly rising, fueled mostly by ATO attacks, with daily spikes of more than 10 times the levels from a month ago (figure 10).

Attacks on marijuana delivery services

Figure 10: Attacks on marijuana delivery services are also up.

In our next blog in the COVID-19 series, we continue to track the rise of malicious bot activity as digital patterns continue to shift dramatically during the pandemic. You can subscribe to the PerimeterX blog to stay up to date.

Want to Learn More?

Read the complete COVID-19: Data Tells the Story blog series:

Forrester Report

PerimeterX Named a Leader in the Forrester Wave™: Bot Management, Q2 2022

Download Report
© PerimeterX, Inc. All rights reserved.