Distil Research Lab releases first industry-specific data focused on airline bot activity
SAN FRANCISCO, CA – November 14, 2018 – Distil Networks, the global leader in bot mitigation, today released a new threat research report titled, “How Bots Affect Airlines.” This marks the first industry-specific report that studies the persistent damage caused by bot activity on airline websites, APIs, and mobile apps. Developed by the Distil Research Lab, a team of dedicated analysts who examine the most sophisticated automated threats, this report analyzed 7.4 billion requests from 180 domains (100 airlines) internationally, finding that sophisticated bots make up a significant proportion of airline web traffic.
Bots are used by online travel agencies (OTAs), travel aggregators, competitive airlines, and criminals to execute a number of attacks, leading to online fraud, website downtime, and loss of potential revenue. Unauthorized scraping, the most prevalent attack on airlines, damages look-to-book ratios and can result in increased fees. Alternatively, seat spinning attacks, in which bot operators hold airline seats at no cost for a period of time in order to resell for a higher fee, paint an unclear picture of flight popularity and allow for outsider monetary gain. Lastly, loyalty program account takeovers, where bots perform brute force credential stuffing attacks, allow nefarious actors to gain access to a member’s loyalty points.
“In recent months, airlines have faced an uptick in nefarious activity by bad actors, a sign that this industry is ripe with information that can be used for monetary gain or to wreak havoc,” said Mike Rogers, VP of Services at Distil Networks. “At Distil, we have been following the bot problem facing airlines for years, and have helped this industry combat such attacks without impacting users. This report underscores the range of unique challenges airlines must address as attacks increase in breadth and sophistication.”
- Bad bots comprise 43.9 percent of traffic on airlines websites, mobile apps, and APIs.
- In almost 30 percent of domains reviewed in this study, bad bots encompass more than half of all traffic.
- 84.3 percent of bots on airline domains are moderate or advanced, which are difficult to detect.
- 10.5 percent of bad bots on airline domains identify coming from a mobile device. The rest all claim to be a user agent from a desktop browser.
- Almost half (48.87 percent) of all bad bots report Chrome as their user agent.
- The highest proportion of bad bot traffic comes from the United States (25.58 percent), followed by Singapore at 15 percent.
- Bad bot activity is consistent, and automated attacks appear around the clock every day of the week. They are consistent in volume every day except for Friday, where there is peak of bad bot traffic at 18.17 percent.
To download a full copy of the report, please visit: https://resources.distilnetworks.com/whitepapers/bad-bots-and-airlines
To ask questions and learn more, register for our upcoming webinar taking place on Wednesday, Dec. 12, at 10:00 a.m. PST/1:00 p.m. EST: https://info.distilnetworks.com/webinar-how-bots-affect-airlines
About Distil Networks
Distil Networks, the global leader in bot mitigation, protects websites, mobile apps, and APIs from automated threats. Fraudsters, hackers, and competitors use bots to commit online fraud, break into customer accounts, and gain an unfair competitive advantage. As the sheer volume, sophistication, and business damage of these attacks grow, bots put a costly strain on IT staff and resources. Only Distil’s unique, more holistic approach provides the vigilant service, superior technology, and industry expertise needed for full visibility and control over this abusive traffic. The Distil team pioneered bot mitigation in 2011, and has been leading the way ever since. With Distil, there is finally a defense against automated attacks that is as adaptable and vigilant as the threat itself.
For more information on Distil, visit https://www.distilnetworks.com/block-bot-detection/ or follow @DISTIL on Twitter.