The Surge in Scraping Attacks
The evolution of generative AI has unleashed web scraping attacks. Once limited to a handful of industries, website scraping has expanded to new verticals. Social media companies experienced a QoQ double-digit increase in scraping attacks. Adversaries use bots to scrape data that is then used to fine-tune their AI models.
Discover other fresh findings on just how much this attack has grown with new data from Breaking (Bad) Bots: Bot Abuse Analysis and Other Fraud Benchmarks, Q4 2023.
A Skyrocketing Attack Type
Scraping is now the third most popular attack type, behind fake account creations and account takeovers in volume.
Top 5 Attack Type
Fake Account Creations
Attacks connected with initial registration for an online account
Account Takeover
Attacks associated with logging into an account, such as ATO and credential stuffing
Scraping
The scraping of data, content, and images for malicious purposes
Account Management
Attacks on customer support call centers, including password resets
In-Product Abuse
Abuse including inventory hoarding, loyalty point abuse, chat abuse, bogus gaming sessions, cheating services, and win-loss trading
Web scraping shows no signs of slowing down. It was the fastest growing attack in the first half of 2023.
Top 4 Attack Types with Biggest Increases from Q1 to Q2
Bot-powered Assaults
How do scraping attacks happen? The answer is straightforward: Bots give scraping attacks efficiency and effectiveness at scale. Not only do bots far outpace legitimate human traffic in overall volume, but they’re responsible for virtually all scraping attacks.
Overall Traffic
100% of scraping attacks perpetrated by bots
Bots are also getting smarter. Intelligent bot attacks are increasing at a faster pace than basic bot attack, and website scraping makes up a much higher proportion of intelligent bot attacks than it does basic bot attacks.
Increase in Attack Types from Q1 2023 to Q2 2023
Scraping as a percent of attack vectors, H1 2023
Industries In The Spotlight
Travel & Hospitality
Scraping has long plagued the travel and hospitality industry, where rivals harvest valuable information like inventory and pricing data to gain a competitive edge. In the third quarter of 2023, nearly three of four attacks in this sector were scraping attacks.
Scraping in Travel and Hospitality, Q3 2023
Social Media
A relatively recent target industry, bad actors have begun scraping social media sites en masse, using this treasure trove of information for malicious purposes like identity theft or social engineering schemes.
11%
Rise in social media scraping attacks, Q2
3rd
Biggest attack type on social media platforms is scraping
16%
Of all attacks on social media are scraping
12%
Of all social media traffic is malicious scraping
Three Notable Scraping Trends
Arkose Labs threat researchers have observed three important landscape changes.
Evolution
The progression from simple scrapers to ATO class infrastructure
Growth
An increasing number of commercial scraper services
Expansion
Developer groups scraping data for new purposes like training GenAI app
Arkose Bot Manager Stops Malicious Scraping
The Arkose Bot Manager platform provides the most effective protection against website scraping across all industries. Advanced risk profiling identifies suspicious sessions, while targeted enforcement challenges block automated and fraud farm-driven attacks at scale. In addition to consumable data signals for internal risk models and a global threat intelligence network, Arkose Labs offers unparalleled 24/7/365 SOC support and is backed by an industry-leading SLA.
Download the full report
Download PDF Version
