Malicious bots steal data and content and wreak havoc on
websites, and airlines have the second-highest proportion of traffic from these
bots, according to a new report.
Cybersecurity firm Distil Networks analyzed hundreds of
billions of bad bot requests, anonymized over thousands of domains.
For airlines, bad bots accounted for 43.9% of all traffic on
their websites in 2017. That puts the airline sector second to only gambling
websites, which had 53.9% of their traffic from bots.
And it's more than twice as much as the average across all
industries -- 21.8%.
Bots are used to automate a variety of harmful actions such
as web scraping, competitive data mining, personal and financial data
harvesting and digital ad fraud.
Distil Networks' senior director of security research, Anna
Westelius, says airlines are also being targeted with a newer form of attack
known as denial of inventory.
"This problem is huge in airlines because there are a
lot of bots going in and holding airline seats for specific flights," she
says.
"They are reselling them on other websites or holding
them for competitive purposes. That does not only impact that airline badly because
you end up with unsold seats or a bad user experience, but it's also a consumer
problem because the airline prices increase."
Another problem for airlines is bots that conduct
high-volume attacks to gather flight and price information. Because these
automated searches do not result in a transaction, they skew the airlines'
look-to-book ratios and inflate distribution costs.
Bots are also being used to sabotage airlines' remarketing
opportunities by inserting false email addresses into reservations, and they
can access travelers' accounts to empty their reward miles.
The report says bots that target airlines primarily come
from "unauthorized online travel agencies, competitors, price aggregators
and metasearch sites."
And the airline sector is hit with a high percentage of what
Distil Network dubs "sophisticated bots." Nearly 20% of the bots that
attack airline websites are of this type, meaning they are the most evasive and
persistent.
For the travel industry overall, including airlines, the
percentage of web traffic coming from bots is 19.24%.
Westelius says bots will always be a problem, but there are
things airlines and all e-commerce sites can do to minimize the risk.
"What one needs to think about is translating whatever
the bots are doing into cost. If the cost of gaining the data is more than what
they are getting to use it, they will stop," she says.
"So any friction that you are introducing in your
websites to make it more difficult for these bots is helping you get there."
The report suggests brands protect all access points -- not
just websites but also exposed APIs and mobile apps -- monitor traffic sources,
investigate traffic spikes, monitor failed login attempts and more.
___
Source: PhocusWire