Airlines seeing increased sophistication in bot attacks

Automated bot attacks that swarm websites overloading them with credentials stuffing, or other forms of cyberattack, are becoming increasingly prevalent with airlines being the second most common industry targeted by bad bots, with just under 44% of their traffic coming from this vector.

Credential stuffing is a type of cyberattack where stolen customer account details are used in large-scale automated login requests directed against a web application.

Gambling is number one target, according to a threat report released by Distil Research Lab, accounting for a massive 53% of their traffic. The financial and healthcare sectors are on a par with around 24% of their traffic coming from these types of attacks.

According to the report’s figures, the sophistication of these attack bots seen by airlines is increasing.

An aggravating factor for airlines, who have come under numerous data breaches of late, is that their websites are constantly scanned by friendly bots from information aggregators, (such as Skyscanner etc.) competitors or online travel agencies, looking for flight information and ticket prices.

“In recent months, airlines have faced an uptick in nefarious activity by bad actors, a sign that this industry is ripe with information that can be used for monetary gain or to wreak havoc,” Mike Rogers, vice-president of Services at Distil Networks, said in their accompanying press release.

The numbers come from an analysis of traffic of 180 websites of 100 airlines — at least one of which was Canadian-based — that used Distil’s software during a 30-day period over the summer.

On 51 of the domains, bots accounted for more than half of their total traffic. Across all industries investigated, attack bots accounted for 21.8% of network traffic, rising to 43.9% for airlines.

Increasing bot attacks

The report says that during the 30-day study period one typical attack involved a European airline’s loyalty program: Six volumetric credential stuffing attacks which lasted from 30 to 90 minutes average, but with the largest attack comprising of approx. 50,000 login attempts, lasting over three and a half hours.

The report stated that ‘compared with similar attacks which are much larger in volume and duration, it is safe to assume that this bot operator was trying to avoid being too noisy for too long to evade detection’.

The U.S. is number one for this type of airline attack, responsible for 25.58% of this traffic. Singapore is in second place with 15.21% and China third with 11.51%. Bot attacks from Canada account for 1.26% of traffic.