Cyber criminals are taking advantage of the Great Resignation to harvest people’s personal data, as demonstrated by a large web scraping attack that Imperva Research Labs mitigated on a global job listing site last month.
The bot attack lasted four days and featured 400,000 unique IP addresses, with each IP making 10 requests per hour on average. The unusually large volume of IP addresses used in this particular attack was intended to evade detection.
The intent: To harvest job seekers’ profile data which can later be sold online or used for malicious purposes like fraud.
This type of bot attack – known as Web Scraping – is one of the most prominent automated attacks affecting organisations today. It treads a fine line between business intelligence and violating data privacy. And it isn’t just a threat to users who have personal information on a website. Scraping can negatively impact originations – resulting in lower conversion rates, skewed marketing analytics, decrease in SEO ranking, website latency, and even downtime.
This example underscores a growing trend of botnet operators striking global sites at an alarming scale. Another recent example occurred around the 2021 Black Friday sales where a global retail brand was hit with an astonishing 9 million bot requests in 15 minutes. The bots were purchasing limited edition collectors’ item before legitimate consumers could get their hands on it. Overall in November 2021, Imperva saw global bot traffic spike 73%.
