How Ukraine’s Premier Electronics Retailer Ended Bot Attacks on its Digital Storefront

With the accelerated growth of online retailers — especially after the Covid pandemic — we are witnessing an alarming rise in the deployment of malicious bots. While it’s certainly the case during the holiday sales season, digital storefronts are open year around. No time of year is safe.  E-commerce websites and applications are increasingly being overwhelmed by bots deployed for malicious reasons. These include product scalping, pricing and product data scraping, user account takeover (ATO), inventory denial, DoS attacks and payment card and affiliate fraud. This is just a sample of the threats; there are many more. 

Bot Attacks are Among the Biggest Threats to Online Retailers

Separate or combined, bad bot attacks pose some of the biggest threats to online retailers. They directly impact operations in an array of harmful ways, including:

  • Website slowdowns and outages
  • A frustrating customer experience (CX)
  • Account takeover (ATO), which leads to:
    • Theft of personally identifiable information (PII) and payment card/ bank account information
    • User complaints about cashed-out gift cards and loyalty points
  • Poor availability of highly sought-after products due to scalpers buying them for resale later
  • Loss of revenue and brand image
  • Skewed traffic analytics that hinder strategic and marketing teams from getting accurate and actionable data with which to work

How Bad Bots Affected Allo, Ukraine’s Leading Electronics Retailer

Electronics retailer Allo turned to Radware Bot Manager for help in mitigating ongoing, harmful malicious bot traffic. With annual revenues of over $400 million, Allo operates over 400 retail stores and attracts more than 10 million shoppers to its website each year. Its digital storefront was regularly attacked by bad bots that took large bites from its revenue through several types of automated attacks.     

During a single week, over 8 million bots swarmed Allo’s website to systematically scrape pricing and product information without authorization. While certain types of bots are useful to shoppers wanting to find the best prices, these bots undermined Allo’s pricing strategies by potentially using the scraped data to harm its competitiveness in the marketplace. The scraped data could be used by competitors to undercut Allo’s prices and affect its market advantage and sales numbers. 

In that same week, there were over 53,000 ATO attempts by bots against Allo, and approximately 136,000 bad bots carried out cart abandonment attacks that made products appear as unavailable to genuine shoppers. This, of course, significantly reduced Allo’s sales volumes. Additionally, it was discovered that bots carried out affiliate link fraud through Allo’s website, which deprived its affiliates of commissions and harmed business relationships.

Radware Bot Manager Proves Itself Throughout Rigorous Trial

Prior to trialing and implementing Radware Bot Manager, Allo had initially approached Radware to implement a web application firewall (WAF) and application protection solution. Our analysts discovered that more than 50% of all visitors to Allo’s retail site were actually bots. It was an unsustainable situation that, if left unchecked, would have led to a range of adverse consequences.  

For the Radware Bot Manager proof of concept (POC), visitor traffic was analyzed for a week. Soon after, Radware Bot Manager went into ‘Active Mode’ and started blocking over 2 million bad bots each day thereafter. Suspected bots were shown a CAPTCHA to solve to enter the website. Overall, only 0.25% of these challenges were solved, which meant almost all bots were blocked and most of the genuine customers were not shown a CAPTCHA while visiting the website. 

Need to Stop Malicious Bots?

Radware has helped e-commerce firms around the world prevent malicious bot attacks, and secure their websites and mobile applications against the constant threats bad bots pose to online retailers and their customers. Radware Bot Manager works across all channels (websites, mobile applications and APIs) by combining behavioral modeling for granular intent analysis, collective bot intelligence and fingerprinting of browsers, devices and machines. For help keeping your digital storefront safe from malicious bots that can jeopardize revenue and tarnish your organization’s brand reputation, reach out to our cyber security experts at Radware.

    If you’ll be attending the RSA Conference in San Francisco on April 24-27, make sure and stop by the Radware booth (#2139). Meet with our team of experts and take your cybersecurity to the next level. Better yet, you can set up an appointment with them here.

    Siddharth Deb

    Siddharth is a Senior Content Developer at Radware's Bot Management group. He has worked with over 150 organizations across a diverse range of industries over the past decade and a half, writing research articles, blogs, scripts, white papers, web content and much more. Siddharth has a BBA from UT Arlington, and is a passionate motorcyclist who regularly rides to his favorite destinations.

    Contact Radware Sales

    Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

    Already a Customer?

    We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

    Get Answers Now from KnowledgeBase
    Get Free Online Product Training
    Engage with Radware Technical Support
    Join the Radware Customer Program


    An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

    What is WAF?
    What is DDoS?
    Bot Detection
    ARP Spoofing

    Get Social

    Connect with experts and join the conversation about Radware technologies.

    Security Research Center