Malicious bots steal data and content and wreak havoc on
websites, and airlines have the second-highest proportion of traffic from these
bots, according to a new report.
Cybersecurity firm Distil Networks analyzed hundreds of
billions of bad bot requests, anonymized over thousands of domains.
For airlines, bad bots accounted for 43.9% of all traffic on
their websites in 2017. That puts the airline sector second to only gambling
websites, which had 53.9% of their traffic from bots.
And it’s more than twice as much as the average across all
industries – 21.8%.
Bots are used to automate a variety of harmful actions such
as web scraping, competitive data mining, personal and financial data harvesting and digital ad fraud.
Distil Networks' senior director of security research, Anna
Westelius, says airlines are also being targeted with a newer form of attack
known as denial of inventory.
“This problem is huge in airlines because there are a lot of
bots going in and holding airline seats for specific flights,” she says.
“They are reselling them on other websites or holding them
for competitive purposes. That does not only impact that airline badly because you
end up with unsold seats or bad user experience, but it’s also a consumer
problem because the airline prices increase.”
Subscribe to our newsletter below
Another problem for airlines is bots that conduct high-volume
attacks to gather flight and price information. Because these automated searches
do not result in a transaction, they skew the airlines’ look-to-book ratios and
inflate distribution costs.
Bots are also being used to sabotage airlines’ remarketing
opportunities by inserting false email addresses into reservations, and they
can access travelers’ accounts to empty their reward miles.
The report says bots that target airlines primarily come from
“unauthorized online travel agencies, competitors, price aggregators and
metasearch sites.”
And the airline sector is hit with a high percentage of what Distil
Network dubs “sophisticated bots.” Nearly 20% of the bots that attack airline
websites are of this type, meaning they are the most evasive and persistent.
For the travel industry overall, including airlines, the
percentage of web traffic coming from bots is 19.24%.
Westelius says bots will always be a problem, but there are
things airlines and all e-commerce sites can do to minimize the risk.
“What one needs to think about is translating whatever the
bots are doing into cost. If the cost of gaining the data is more than what they
are getting to use it, they will stop,” she says.
“So any friction that you are introducing in your websites
to make it more difficult for these bots is helping you get there.”
The report suggests brands protect all access points – not just
websites but also exposed APIs and mobile apps - monitor traffic sources,
investigate traffic spikes, monitor failed login attempts and more.