The 2024 Bad Bot Report by Imperva, a subsidiary of IT group Thales, suggests 51.1% of internet traffic in the travel sector is driven by humans, while 44.5% comes from malicious bots – up from 37% from 2022.
A bot is a piece of software that automatically processes web requests and is designed to perform a task without any human assistance The travel sector needs to brace itself for a surge in bot activity as cybercriminals use these bots to target travel companies through a number of ways.
Imperva suggests that the increase has been driven in part by increasing use of artificial intelligence (AI) and the large language models (LLMs) used in generative AI ‘training’, which is also affecting the level of bot sophistication.
Travel is 4th most-targeted industry
Travel is now the fourth most-targeted industry by automated malicious traffic, behind gaming, telecommunications, and computing and IT, but ahead of 13 other sectors including gambling, financial services and business services.
The industry is increasingly being targeted by ‘advanced’ malicious traffic with almost 61% of bad bots in the sector, classified as ‘sophisticated’.
More than one in 10 of all online account-takeover attacks were targeted at travel (11.5%), a proportion only exceeded by financial services (36.8%), and 17% of all login attempts in travel were classed as malicious.
The report revealed that the United States was the most affected by these threats, accounting for 47% of global bot activity, followed by the UK, the Netherlands and Australia. Singapore ranked 6th globally, with 35.2% of its web traffic being generated by malicious bots, contributing to 3% of global bot attacks in 2023.
Bot issues faced by the travel industry
Globally, bots compromised 45% of web traffic in the travel sector in 2023, up from 37% in 2022. This troubling increase has had significant implications, especially in Asia, where the practice of “seat spinning” has become rampant.
Seat spinning is particularly rife in Asia, as bots hold airline seats, often for up to a day, without making payment. This enables operators like unauthorised online travel agencies (OTAs) to resell these seats without risking upfront payment. This can result in airlines being fully booked with fewer passengers than their capacity, affecting revenue, operations and even reputation.
Unauthorised web scraping is another major issue. Here, bots run by OTAs, aggregators, and competitors access airlines’ web properties without permission to harvest data. This can damage critical business insights and metrics like look-to-book ratios and even increase the fees airlines must pay their partners.
In terms of account takeovers (ATOs) and fraud, the travel industry experienced the second-highest volume of ATO attempts in 2023. Cybercriminals zero in on the travel sector due to the valuable personal information, stored payment methods, and loyalty points within user accounts. Once the bad actors access customer accounts, they can steal loyalty points and fraudulently “buy” flights or hotel rooms for onward sale.
Steps that can be taken to boost cyber security
Imperva recommends that travel companies deploy a multi-layered defense strategy to mitigate these threats across all digital touchpoints, including APIs and mobile applications.
Organisations should identify risks through advanced traffic analysis and real-time bot detection. Understanding exposure, particularly around login functionalities, is crucial as these are prime targets for credential stuffing and brute force attacks.
IT teams could block outdated browser versions, restrict access from bulk IP data centres, and implement detection strategies for signs of automation, like unusually fast interactions. Suspicious traffic sources should be analysted and also keep a look-out for traffic anomalies like high bounce rates and sudden spikes.
‘Bad’ bots perform tasks with malicious intent, such as extracting data without permission. So-called ‘good’ bots index site content for search engines and monitor the performance of sites.
Imperva suggests users look out for unusual price fluctuations, slow website performance, frequent CAPTCHA challenges, unexpected availability changes and suspicious emails or messages as signs of malicious bot activity.
As the threat landscape evolves, industries across the globe are urged to strengthen their cybersecurity measures to mitigate the impact of bad bot traffic and to safeguard businesses and users from the consequences of these attacks.