F5 Labs research has found high and medium sophistication methods of automation almost entirely replacing low sophistication traffic during the Black Friday period.
New research from F5 Labs has shown that Black Friday threat actors are better prepared and more sophisticated than ever before. The analysis found that automated traffic became progressively more sophisticated in advance of, and during, the Black Friday period. It also noted that attackers moving early to target the promotional period when platforms may not have implemented heightened security measures.
F5 Labs categorized threats into three levels: low sophistication at the network level, medium sophistication at the browser or mobile device level, and high sophistication imitating human interaction within applications. Between August and October 2022, nearly 50% of web traffic was characterized by low sophistication, while around 33% displayed high sophistication. This trend shifted, with high sophistication attacks consistently reaching almost 70% in November. In the mobile realm, a parallel trend emerged, replacing low sophistication with medium sophistication automation.
“The increase in the sophistication of automation was a striking trend across both Web and Mobile. As the busy shopping period approached, the volume of automation may have fluctuated but its sophistication was progressively growing,” said David Warburton, Director, F5 Labs.
“Threat actors know that low level automation is likely to be easily detected and that online retailers are improving the way they defend against attacks and share information. Highly skilled and well-funded threat actors are responding by upping the sophistication of their work. This includes, but not limited, to exploiting the most recent vulnerabilities to gain unauthorized access to systems, deploying malicious software that can alert its code dynamically infects a new system, or using custom malware or social engineering techniques for an extended period. Concurrently, they have strategically shifted their attack objectives towards the most lucrative and damaging vectors,” added Warburton.
Another notable trend was that the prevalence of automated traffic around Black Friday and Cyber Monday was not tied to the days themselves but tended to happen well in advance. In other words, during the early in the promotional period. Certain sub-sectors of online retail were also found to be more susceptible to attacks such as credential stuffing, account takeover, gift card fraud, scraping and reseller bots than others.
