This year, prepare for naughty scams: grinchbots are bent on stealing your Christmas by draining gift cards and playing other evil tricks.
As we approach the holidays, shopping is quickly moving into full swing, and so is our excitement for giving and receiving gifts. Unfortunately, grinchbots are here to try to ruin that for us.
Imperva Research Labs discovered that bot traffic sessions on retail sites spiked a concerning 73% this month over October. To make things worse, malicious activity isn’t expected to subside anytime soon.
What Are Grinchbots?
These naughty automated bots query online inventories and purchase desired products, taking advantage of major sales and special product launches. The threat actors behind them buy the most coveted items and resell them at a ridiculously high price later.
These bots target the holiday season every year. For example, grinchbots were responsible for a nationwide shortage of PS5 gaming consoles last season. As a result, they were only available for purchase from third-party resellers for more than double their retail price.
“Because the automation is faster and more efficient than a human, legitimate human users don’t stand a chance at getting their hands on the latest, most desired commodities,” Imperva researchers explained, in a Wednesday post.
Imperva also found that bot traffic continued to increase the week following Cyber Monday. Furthermore, traffic had already spiked 48% between Thanksgiving and Black Friday.

“The 2021 holiday shopping season is shaping up to be a nightmare for both retailers and consumers,” Peter Klimek, director of technology, Office of the CTO at Imperva, said. “With the global supply-chain conditions worsening, retailers will not only struggle to get products to sell in Q4, but will face increased attacks from motivated cybercriminals who want to benefit from the chaos.”
Despite online retailers’ best efforts, grinchbots keep finding ways to circumvent controls, starting with creating fake email accounts.
“Once a threat actor has created enough email addresses and ‘farmed’ them to look like real people by sending emails, watching YouTube videos and in general, acting like a human, they then go set up accounts on the desired platforms for the purpose of making purchases of the next item to drop,” explained Jason Kent, hacker-in-residence at Cequence Security. “This means these platforms have hundreds of accounts that are simply controlled by the threat actor.”
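The pattern Kent describes, many accounts on one platform that all belong to a single operator, is something the retailer can look for in its own sign-up data. The code below is an added example and is not code from the article or from Cequence Security or Imperva. It assumes a constructed record layout (account id, sign-up IP, device fingerprint, shipping address) and links any two accounts that reuse one of those attributes; linked groups above a size threshold are reported for review.

```python
"""Link accounts that share sign-up attributes (added example, not from the article).

Assumed record layout (constructed for this example): account id, sign-up IP,
device fingerprint, shipping address. Accounts that share any one attribute are
linked with a union-find structure; a linked group at or above a size
threshold is reported for manual review.
"""
from collections import defaultdict

MIN_CLUSTER_SIZE = 5   # linked groups this large are unusual for individual shoppers

# Constructed records: a1-a3 are independent shoppers; f1-f6 were created by
# one operator and reuse a handful of IPs, devices and a drop address.
ACCOUNTS = [
    ("a1", "203.0.113.10", "dev-111", "12 Elm St"),
    ("a2", "203.0.113.11", "dev-222", "9 Oak Ave"),
    ("a3", "203.0.113.12", "dev-333", "44 Pine Rd"),
    ("f1", "198.51.100.5", "dev-900", "1 Drop Ln"),
    ("f2", "198.51.100.5", "dev-901", "1 Drop Ln"),
    ("f3", "198.51.100.6", "dev-901", "2 Drop Ln"),
    ("f4", "198.51.100.6", "dev-902", "3 Drop Ln"),
    ("f5", "198.51.100.7", "dev-902", "4 Drop Ln"),
    ("f6", "198.51.100.7", "dev-903", "5 Drop Ln"),
]


class DisjointSet:
    """Minimal union-find with path halving."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[ra] = rb


def linked_account_groups(accounts, min_size=MIN_CLUSTER_SIZE):
    """Return sorted account-id lists for every linked group of at least min_size."""
    ds = DisjointSet()
    first_user = {}   # (attribute kind, value) -> first account that used it
    for acct_id, ip, device, address in accounts:
        ds.find(acct_id)  # register the account even if it shares nothing
        for key in (("ip", ip), ("device", device), ("address", address)):
            if key in first_user:
                ds.union(acct_id, first_user[key])
            else:
                first_user[key] = acct_id
    groups = defaultdict(list)
    for acct_id, *_ in accounts:
        groups[ds.find(acct_id)].append(acct_id)
    return [sorted(g) for g in groups.values() if len(g) >= min_size]


if __name__ == "__main__":
    for group in linked_account_groups(ACCOUNTS):
        print("review:", ", ".join(group))
```

The threshold keeps households that legitimately share a device or delivery address from being swept up; the output is a review queue, not an automatic block list.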
Saryu Nayyar explained how imitating human users’ behavior during the shopping process allows grinchbots to sneak past static rule engines that observe behavior to spot bot purchases.
“One technique is to mimic a typical online shopping pattern, where someone scrolls through multiple product pages, and might even use a ‘compare these products’ tool or look at product reviews,” she explained. “Then, a big-ticket item is placed in the cart and purchased with the purloined payment information. By looking like a typical purchase process, the fraudster makes the behavior less suspicious and skirts rule-based detection.”
Gift Card Grinches
Security firm Kasada warned of grinchbots branching out to gift cards. They bombard sites with millions of digit combinations to find active cards that hold value. Once the bots hit a valid gift card, the operators transfer the stored value or use the card to buy products.
“The gift cards are depleted (the money is gone) before the intended recipient of the card has a chance to use it,” Kasada researchers explained.
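The enumeration Kasada describes leaves a distinctive trace in a retailer's own logs: one client checking many different card numbers in a short burst, most of which fail. The code below is an added example, not code from the article, Kasada or Imperva. It assumes a constructed log format in which each balance lookup is recorded as timestamp, client IP, endpoint, a hashed card identifier and an outcome, and flags any client whose sliding 60-second window contains many distinct cards with a high failure ratio.

```python
"""Detect gift-card balance-check enumeration in access logs (added example).

Assumptions (not from the article): the retailer logs each balance lookup as
`timestamp client_ip endpoint card_hash outcome`, with card numbers hashed
before logging so the detector sees distinctness, not values.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BALANCE_ENDPOINT = "/giftcard/balance"   # assumed endpoint name
WINDOW = timedelta(seconds=60)
MAX_DISTINCT_CARDS = 10   # distinct cards one client may check per window
MAX_INVALID_RATIO = 0.8   # share of failed lookups that is suspicious
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def constructed_log():
    """Constructed sample: two ordinary shoppers plus one client probing 12 cards."""
    lines = [
        "2021-12-08T10:00:01Z 203.0.113.7 /giftcard/balance h7f3 OK",
        "2021-12-08T10:00:40Z 203.0.113.7 /giftcard/balance h7f3 OK",
        "2021-12-08T10:01:05Z 203.0.113.9 /giftcard/balance a9c1 INVALID",
        "2021-12-08T10:01:30Z 203.0.113.9 /giftcard/balance a9c2 OK",
        "2021-12-08T10:02:00Z 203.0.113.7 /checkout - OK",
    ]
    base = datetime(2021, 12, 8, 10, 0, 0)
    for i in range(12):   # 12 distinct cards in 22 seconds, one of them valid
        ts = (base + timedelta(seconds=2 * i)).strftime(TS_FORMAT)
        outcome = "OK" if i == 7 else "INVALID"
        lines.append(f"{ts} 198.51.100.23 /giftcard/balance e{i:03d} {outcome}")
    return lines


def parse_line(line):
    ts, ip, endpoint, card, outcome = line.split()
    return datetime.strptime(ts, TS_FORMAT), ip, endpoint, card, outcome


def find_enumerators(lines):
    """Return {client_ip: (distinct_cards, invalid_ratio)} for the worst window of
    each client that exceeds both thresholds."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, ip, endpoint, card, outcome = parse_line(line)
        if endpoint == BALANCE_ENDPOINT:
            events[ip].append((ts, card, outcome))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()   # tuples sort by timestamp first
        start = 0
        best = None
        for end in range(len(evs)):
            # advance the window start until it fits inside WINDOW
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            window = evs[start:end + 1]
            distinct = len({card for _, card, _ in window})
            invalid_ratio = sum(1 for _, _, o in window if o != "OK") / len(window)
            if distinct >= MAX_DISTINCT_CARDS and invalid_ratio >= MAX_INVALID_RATIO:
                if best is None or distinct > best[0]:
                    best = (distinct, round(invalid_ratio, 2))
        if best is not None:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, (cards, ratio) in find_enumerators(constructed_log()).items():
        print(f"{ip}: {cards} distinct cards, {ratio:.0%} failed lookups")
```

The two thresholds work together: a shopper who mistypes a card number twice fails often but on one or two cards, while a client that checks ten or more different cards in a minute and almost never finds value is the pattern worth rate-limiting or challenging.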
Tips On Fighting The Grinchbots
According to Imperva, the best solution for online merchants is investing in a multilayered security defense that covers applications, application programming interfaces (APIs) and back-end data. Researchers highlighted the importance of APIs in particular.
“[APIs] are essential for retailers as they improve the e-commerce experience for shoppers,” according to Imperva. “APIs connect consumers to data and information they need – like inventory availability, product search, order fulfillment tracking and more. However, APIs, like JavaScript services, are difficult to monitor and highly vulnerable to attack.”
“Common website functionality like chatbots, payment services and web analytics are enabled by third-party JavaScript that executes on the client side,” explained the firm. “The functionality is a necessity for e-commerce, but is increasingly vulnerable to attack. If not properly secured, the compromise of third-party JavaScript code can lead to cross-site scripting (XSS), formjacking, cryptojacking, malicious ad injection, data skimming and more.”
Nayyar added that the use of machine learning and AI is also highly advisable.
“Today’s cloud-based advanced fraud analytics platforms utilize Big-Data architecture, machine learning, artificial intelligence and behavioral analytics to dig through millions of transactions and billions of data points from cross-channel sources to get a full contextual view of transactions and detect anomalous signals and activities in real time,” she said. “Such platforms can provide accurate, prioritized risk assessments that enable decision-making and allow mitigations to be triggered in time to prevent the losses.”
Sources:
Threatpost: Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity
Imperva: Grinchbots strike again this holiday shopping season as bot traffic spikes 73%
Attribution:
Image by Jim Cooper from Pixabay