Travel & hospitality most vulnerable to bot attacks: Arkose Labs report

Use of AI propels widespread cybersecurity concerns
2023-11-20
/
By
/ New Delhi
/ Technology
20 Nov 2023
/ By
/
/New Delhi
Travel & hospitality most vulnerable to bot attacks: Arkose Labs report

Researchers assessed the attacks across three primary attack vectors: basic bots, intelligent bots, and human fraud farms

A new report says that globally all sectors of economy have been exposed to a sharp rise in cybersecurity threats, mainly posed by bots & human fraud farms.
Rate this post

Arkose Labs, a global leader in bot management and account security, has released its latest threat intelligence report analysing the contemporary attack landscape.

According to a press statement, the report, Breaking (Bad) Bots: Bot Abuse Analysis and other Fraud Benchmarks found that bots and human fraud farms were responsible for billions of attacks in the first half of 2023 and into Q3. These attacks comprised 73 pc of all website and app traffic measured. In other words, almost three-quarters of traffic to digital properties is malicious.

The statement adds that the report studied billions of sessions worldwide across industries to reveal the top attacks by industry, type, and region. Researchers assessed the attacks across three primary attack vectors: basic bots, intelligent bots, and human fraud farms. Fraudsters use these vectors to launch attack types such as SMS toll fraud, web scraping, card testing, credential stuffing, and more.

The analysis found bot attacks overall increased 167 pc in the first half of the year, weighted heavily by a 291 pc increase in intelligent bots. These smart bots are capable of complex, context-aware interactions.

The attacks, though, weren’t limited to bots. Research found that when fraudsters’ bots are blocked, they pivot attacks to human fraud farms, which increased 49 pc from Q1 to Q2 2023.

Kevin Gosschalk

Kevin Gosschalk

“Bot attacks aided by human fraud farms are about more than concert tickets and high-priced sneakers. They can point to far darker activities. We are seeing more attacks, using more intelligent bots, conducting more sophisticated types of attacks. Fake account registration, credential stuffing, scraping, SMS toll fraud–these are the types of attacks that fraudsters use as the first steps to more harmful crimes. They lead to romance scams that groom for human trafficking, money laundering from drug deals, or theft to fund illegal weapons,” says Kevin Gosschalk, founder and CEO of Arkose Labs.

From January through September 2023, Arkose Labs analysed billions of sessions from the Arkose Labs Global Intelligence Network, a consortium of the biggest companies in the world as well as category leaders that are Arkose Labs customers. The large customer bases of these companies represent high-value targets for cybercriminals. Arkose Labs’ unique position to observe this activity informs the analysis throughout the study.

The report highlights two trends in the report as driving the increase in attack level in Generative AI (GenAI), and Cybercrime-as-a-Service (CaaS).

The report says that during the past six months, Arkose Labs’ threat researchers have observed a significant uptick of GenAI being used for content generation by bad actors who are now able to write pristine phishing emails for Man-in-the-Middle attacks or perfectly-worded responses on dating apps in their romance scams. In addition, the researchers found attackers are using bots to scrape data from websites and then using that data to tune their GenAI models.

An equally prodigious trend, Cybercrime-as-a-Service (CaaS) lowers the barrier to entry for adversaries looking to commit cybercrime. CaaS vendors advertise their questionably-legal services openly. Anyone can reach out to these vendors to buy bots to circumvent security measures or carry out an attack. Fraudsters with limited to zero technical skills can then use fully automated bots at scale that cause widespread damage to businesses and consumers. Fraudsters no longer have to know how to code to deploy a sophisticated volumetric bot attack. They can simply buy the bots off the web along with the training they need and even tap into the sellers’ “customer” support.

“The massive rise of CaaS has completely changed the economics for adversaries. It’s much cheaper to attack companies and the attacks are just better because it’s a dev shop that is doing the attacks instead of just individual cybercriminals,’’ says Gosschalk.

With so much traffic to digital properties made up of malicious attacks, Arkose Labs researchers delved more deeply into the specific industries under attack. Nearly every industry experienced an increase in the number of attacks. The report lists the following as the industries that had more than 50 pc of traffic coming from bad bots and details common attacks carried out by malicious bots.

  1. Travel and Hospitality : 76 pc bad bots
  2. Technology : 71 pc bad bots
  3. Retail : 65 pc bad bots
  4. Streaming : 61 pc bad bots
  5. Gift Cards : 57 pc bad bots
You may also like
Saudia launches beta version of ‘Travel Companion’
Saudia launches beta version of ‘Travel Companion’
Sabre space
Sabre Space roadshows in India from May 8-10
bleisure in Africa
Boosted by bleisure, African hospitality businesses bullish on 2024
Privacy top concern in AI adoption for hotels, says survey
About Post Author
This is a team work! The entire editorial desk at India Outbound - Media India Group provides you with news, analysis, market reports and other information on various destinations and travel topics.

Leave a Reply

Read our Magazine

About us

India Outbound is India’s only B2B travel media platform, that encompasses a print magazine, a website, an online TV channel and dynamic social media platforms, entirely dedicated to the promotion of foreign destinations and products in India. Read More

Subscribe to our newsletter

    Advertisement

    Video of the week

    Twitter Feed

    Get Magazine

    E-Magazine