COVID-19 Part 4: Data Tells the Story

In the fourth edition of our COVID-19 data update series, we examine the traffic and attack patterns that have continued to shift dramatically across the e-commerce industry as people stay at home to help flatten the coronavirus curve. In last week’s post, we highlighted increased malicious activity in the fashion and home goods segments. This week, we explore brand new segments including freelance marketplaces and media, we revisit the surging e-learning segment, and we close with how marijuana delivery services are impacted by the pandemic.

Freelance Marketplaces are in Demand

Beginning the week of March 16, overall traffic to marketplaces for freelance services is up 27% (figure 1) as stay-at-home orders took effect throughout the US and around the world. These services are in high demand as the economy is slowing down, and are more attractive when businesses and teams are working remotely by default. During this period of time, malicious traffic is also growing but steady (figure 2) as a percentage of the overall traffic to these sites.

Media Traffic is Up — on Weekends and Weekdays

Traffic to media websites is up 43% from the first week of March and up 87% from mid-February, when COVID-19 cases started spreading outside of China and drawing more news and business attention (figure 3). Peak traffic is during weekdays as expected, but there is a significant increase in weekend traffic as well, so people are certainly spending more time consuming media. Surprisingly, malicious traffic isn’t growing at the same pace and remains mostly stable in this segment.

While malicious traffic was relatively steady for the entire period, web scraping bot traffic is significantly lower starting on March 10 (figure 4). One theory for this new pattern is that the decline in advertising has impacted scrapers negatively. Fraudsters and copyright violators scrape content from media sites to republish on other sites, often to lure users away and monetize the new traffic with ads or other less legitimate ways. With advertising budgets declining, there are fewer ways to monetize on ads so scrapers are spending their time elsewhere.

E-learning Traffic and Attacks are Up

Revisiting the e-learning segment that we covered two weeks ago, we can see that after a huge spike during the week of March 16, when many schools were closed and moved to e-learning at home, overall traffic remains high. It has stabilized at a 110% increase — or 2.1X the previous rate — when compared to the levels seen before the initial closures. This is slightly lower than the initial peak of 146% seen that week (figure 5). Malicious traffic during this period is up 121% — or 2.2X the level prior to lockdown, and is still growing (figure 6).

Looking at login attempts, legitimate user logins are up 192% — almost 3X. Now, attackers and fraudsters are joining the party with massive account takeover (ATO) attacks, increasing 161% or 2.6X the already high level of ATO attempts this segment suffered prior to the school closures (figure 7). ATO remains at an average of 80% to 85% (figure 8) of all login traffic, and is much higher during specific attacks.

Marijuana Delivery Service Traffic is High

To round out this week’s blog, it’s interesting to note that another segment benefitting from the rise of e-commerce during the pandemic is marijuana delivery services with traffic up 102% from pre stay-at-home levels (figure 9).

Attackers quickly identified this trend. In the last 10 days attack activity is quickly rising, fueled mostly by ATO attacks, with daily spikes of more than 10 times the levels from a month ago (figure 10).

In our next blog, we will continue to track the rise of e-commerce and related malicious bot activity as digital patterns continue to shift dramatically during the pandemic. You can subscribe to the PerimeterX blog to stay up to date.

Originally published at https://www.perimeterx.com on April 9, 2020.