COVID-19’s Impact on Business: Travel Bouncing Back, and so are the Malicious Attacks

Ido Safruti
PerimeterX
Jun 30, 2020

After web traffic to travel and hospitality websites dropped to a near standstill during the first weeks of the COVID-19 outbreak in early March, the industry is recovering, led by local holidays and vacation travel. This change is indicated by a strong recovery of car rental services in the US, as well as a partial recovery in the lodging segment, including hotels, short-term rentals and other accommodations. Both segments cater to people who have sheltered in place for long periods and are looking for alternatives to the traditional vacation flight: driving, and renting vacation units (houses, apartments or rooms) for short and long periods of time.

Car Rental Services Are Recovering

During the first weeks of the pandemic’s impact on the car rental industry, car rental services looked for large parking lots to store their fleets of unutilized cars. Looking at parking lots where rental cars are stored, we can see that rentals are on the rise (figure 1). Car rental web traffic shows a clear recovery of organic “legitimate” users, with growth of 285% from the April 1 low point to date. This increase in users is accompanied by an increase in competitive scraping bot requests, which almost doubled during the week of April 20 and spiked during the last week of April for a staggering overall increase of 544%, and have stayed steady at that level since (figure 2).

Figure 1: Del Mar Fairground’s parking lot in San Diego on April 2 (before) and on June 7 (after), indicating recovery and better utilization of fleets by rental car companies.
Figure 2: US market car rental web traffic

When looking at the sources of the scraper and malicious bot traffic targeting US car rental services, we see that besides the expected requests originating from North America, there is a dramatic increase in malicious requests originating from Asia and Europe (shown in green and blue in figure 3), picking up during the last two weeks of April. Note that this increase is especially suspicious, as it specifically targets car rentals in North America at a time when international travel is extremely limited.

Figure 3: US market car rental malicious web traffic — attack origin continent

Lodging Segment Recovering at Gradual Pace

The lodging segment is not recovering as rapidly as the car rental market, but it has still made it back to about 60% of its early March level. Malicious traffic against this industry did not slow down at any point during this period, and we’ve seen a steady level of scrapers and account takeover (ATO) attacks hitting these sites (figure 4). When the malicious traffic is split by source continent, attackers are spread across North America, Europe, and to a smaller extent Asia (figure 5).

Figure 4: US market lodging web traffic
Figure 5: US market lodging malicious web traffic — attack origin continent

Flight Industry Recovery is Lagging

For flights, the recovery is much slower. This is to be expected, with most countries still having strict travel bans and shutting down almost all international flights. While the web traffic level is about 70% lower than before travel bans and shelter-in-place regulations took effect (figure 6), when looking at the data closely we do see an almost 4X increase in traffic from the low point of April 1 (figure 7), largely powered by domestic flights, as well as the flexibility of free changes and cancellations of future plans. Unlike car rentals and lodging, competitive scraping for air travel dropped 85% the week of March 16, when the effect of the epidemic started. As traffic recovers, so does malicious traffic, which was up 151% by May 11 from its low point in April and has stayed at this higher level since. While the volume of malicious traffic is growing, it is still 65% lower than its levels prior to March 16.

Figure 6: Flight web traffic shows slow return
Figure 7: Flight web traffic — zooming in on the period starting April 1, traffic is up 4X, but still down 70% from its level in early March.

We will continue to track changes in web application traffic and attack patterns across the travel and hospitality industry, as well as in segments such as e-commerce, fashion and beauty, home goods, media and e-learning, during the period of COVID and beyond. Catch up on these trends in our COVID-19 blog series.

Originally published at https://www.perimeterx.com on June 30, 2020.
