- 57% of e-commerce website traffic during the 2024 holiday season was from bots, surpassing human traffic.
- Malicious bot traffic targeted at mobile platforms surged by 160% from 2023 to 2024.
- ISP network-based attacks using residential proxy services increased by 32% between 2023 and 2024.
Radware (RDWR, Financial), a global leader in application security, has unveiled its "2025 E-commerce Bot Threat Report," highlighting a significant shift in the online shopping and cybersecurity landscape. The report reveals that during the 2024 holiday season, 57% of online shopping traffic on e-commerce websites was generated by automated bots rather than human shoppers. This marks the first occurrence of non-DDoS generating bots driving more traffic than humans, indicating a critical development for online retailers.
According to the report, bad bots constituted 31% of total internet traffic during the last holiday season, with nearly 60% using advanced behavioral techniques to elude standard detection. This evolution presents a formidable challenge to e-commerce providers and retailers who depend on conventional security measures.
During the analysis period, malicious bot traffic targeting mobile platforms witnessed a substantial 160% increase between the 2023 and 2024 holiday shopping seasons. This surge signals a shift in attackers' focus towards mobile platform vulnerabilities, with more sophisticated techniques such as mobile emulators, mobile-specific proxies, and headless browsers being employed.
Furthermore, Radware's findings indicate a 32% rise in attack traffic from ISP networks using residential proxy services between 2023 and 2024. These attacks pose substantial mitigation challenges for security teams lacking advanced, multi-layered protective measures.
The report also discusses the increase in coordinated multi-vector attack campaigns, which combine bot attacks with various web application vulnerability exploits, business logic attacks, and API-focused attacks. Radware emphasizes the necessity of an integrated application security strategy utilizing the latest threat intelligence and cross-correlating security threats across different security modules.
Radware plans to address these emerging threats and protection strategies at the upcoming RSA 2025 Conference in San Francisco, illustrating its commitment to advancing cybersecurity solutions in the evolving threat landscape.
