Our Bot Management solution is designed to protect high-value targets on our customers' sites and help manage the impact of lower-sophistication volumetric traffic as well.
Among the most common bot attacks are credential stuffing or account takeover attacks. These are attempts to check if leaked credentials from another site can be used on a target site. This takes advantage of the fact that many times, end users have the same username and password across many sites. These types of attacks create excess load on the customer's backend infrastructure and increase the chance of fraud on the site. Attacks can, for example, log in to a customer's account and use stored credit card information or credits to make fraudulent purchases.
Related to the above are bot attacks that create fake accounts on the site that can be used for fraud, influencing reviews, and to pollute analytics and data.
The next type of attack we can protect against is gift card or credit card fraud. Customers that have gift card programs find that bots will attempt to brute-force gift card numbers in an attempt to find cards with stored value which can then be sold or used to make purchases. We also see attacks that will attempt to verify stolen credit numbers are still active and usable.
Finally, we see inventory-holding bot attacks. These are more sophisticated bots that will create accounts and hold valuable inventory such as a room, seat on a plane, product, or a ticket to an event. These attacks can be used to unfairly purchase more of a limited-inventory item for resale on other sites.
We also see more volumetric bot traffic. This tends to be systems scraping content or prices and can also be malicious users scanning your infrastructure for common unpatched vulnerabilities. While not always targeting high-value data or systems, this type of traffic can increase the load on your origin services and steal your content.