Radware: Radware Finds 57% of Online Shopping Traffic Now Bots, Not Buyers

MAHWAH, N.J., April 23, 2025 (GLOBE NEWSWIRE) -- Radware® (NASDAQ:RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today released its "2025 E-commerce Bot Threat Report." The report found that automated bots-good and bad bots-accounted for 57% of e-commerce website traffic during the 2024 holiday season. It marks the first time that automated, non-DDoS generating bots drove more traffic than human shoppers, signaling a critical shift in the cybersecurity landscape for e-commerce providers and online retailers."Bad bots are no longer just based on simple scripts-they're sophisticated, AI-enhanced agents capable of outsmarting traditional defenses," said Ron Meyran, vice president of cyber threat intelligence at Radware. "E-commerce providers and online retailers that rely on conventional security measures will find themselves increasingly exposed, not just during the holidays but year-round."The report highlights major bot attack trends and real-world attack data observed during the 2024 online holiday shopping season. In addition, it offers insights into the distributed, multi-vector attacks e-commerce providers and retailers can expect to battle this year.Key findings and insightsAI-generated bots with human-like behavior gain dominance: According to the report, bad bots made up 31% of total internet traffic during the last holiday season. Nearly 60% of the malicious traffic employed advanced behavioral techniques to evade traditional, signature-based detection. Combating these bots requires accurate AI-powered detection of attack patterns, including rotating IPs and identities, distributed attacks, CAPTCHA farm services, and other advanced anomalies, without causing false positives.Mobile-focused attacks surge: Malicious bot traffic directed at mobile platforms rose 160% between the 2023 and 2024 holiday shopping seasons, representing a fundamental shift in attacker focus. Security strategies need to be shored up and tailored for vulnerable mobile platforms and attackers using more sophisticated techniques, including mobile emulators, mobile-specific proxies, and headless browsers with mobile user-agent strings.Attacks leveraging distributed infrastructures and residential proxy networks increase: The proportion of holiday attack traffic originating from and blending in with ISP networks increased 32% between 2023 and 2024. Attackers are leveraging wider network and residential proxy services to evade rate-limiting, geo-based, and IP-based blocking mechanisms, creating even greater mitigation challenges for security teams working without advanced, multi-layered protections.Coordinated multi-vector attack campaigns escalate: To maximize their success, attackers are targeting applications by combining bot attacks with web application vulnerability exploits, business logic attacks, and API-focused attacks. Protecting already burdened security systems requires an integrated application security strategy that uses the latest threat intelligence and cross-correlates security threats across security modules.Radware will be addressing the new report and advanced protection strategies during the RSA 2025 Conference at the Moscone Center in San Francisco (booth #S-1227). The event takes place April 28-May 1, 2025.Radware's complete bot report can be downloaded here.About RadwareFull story available on Benzinga.com