Who knew so much bad-bot activity was going on in the airline ticketing business?
In recent months, airlines have faced an uptick in nefarious activity by bad actors, a sign that this industry is rich in information that can be used for monetary gain or to wreak havoc. The high-profile breaches at Cathay Pacific and British Airways have illuminated the industry’s struggle to prevent and mitigate cyber attacks, but customer data is not the only incentive for bad actors to attack airlines. Sheer profit is another.
Questionable online travel agencies, travel aggregators, competitors and criminals are using malicious bots to conduct a variety of attacks on airline websites that result in online fraud, website downtime and loss of potential revenue. Unauthorized scraping damages look-to-book ratios and can result in increased fees.
Seat-spinning attacks, in which bot operators hold airline seats at no cost for a period of time in order to resell them for a higher fee, skew flight popularity and let outsiders profit. Loyalty program account takeovers, in which bots perform brute-force credential stuffing attacks, allow nefarious actors to steal customers’ loyalty reward points.
In the first industry-specific study of the persistent damage caused by bad bot activity on airline websites, mobile apps and APIs, Distil Networks analyzed 7.4 billion requests from 180 domains (100 airlines) internationally during a 30-day period. This eWEEK Data Points article presents the top seven findings from the report.