T the 2024 holiday season, 57 % of e-commerce website traffic was generated by bots, both benign and malicious. This marks the first time that automated, non-DDoS bots have surpassed human shoppers in traffic volume, presenting a critical challenge for online retailers.
INTELLIGENT mobile
SECURITY mobile
Bots now dominate e-commerce traffic, warns Radware report
Combating such bots requires advanced, AI-powered detection capable of identifying complex attack patterns, such as rotating IP addresses and identities, distributed attacks, CAPTCHA farm services and other anomalies, without generating false positives.
Mobile technology, a target
Malicious bot traffic targeting mobile platforms increased dramatically, rising by 160 % between the 2023 and 2024 holiday shopping seasons, representing a fundamental shift in attacker focus, necessitating enhanced and tailored security strategies for vulnerable mobile platforms. Attackers are employing increasingly sophisticated techniques, including mobile emulators, mobile-specific proxies and headless browsers with mobile user-agent strings, to target these devices.
The report also identifies a growing trend of attackers leveraging distributed infrastructures and residential proxy networks. The proportion of holiday attack traffic originating from and blending in with legitimate ISP networks increased by 32 % between 2023 and 2024.
A new report from Radware reveals a significant shift in the e-commerce cybersecurity landscape, with automated bots now accounting for the majority of online shopping traffic.
he 2025 Ecommerce Bot Threat Report indicates that during
T the 2024 holiday season, 57 % of e-commerce website traffic was generated by bots, both benign and malicious. This marks the first time that automated, non-DDoS bots have surpassed human shoppers in traffic volume, presenting a critical challenge for online retailers.
The report details key bot attack trends and provides real-world attack data from the 2024 holiday shopping period.
One of the report’ s key findings is the rise of AI-generated bots exhibiting human-like behaviour. According to Radware, bad bots constituted 31 % of total Internet traffic during the last holiday season. A significant portion, nearly 60 %, of this malicious traffic employed advanced behavioural techniques, making them difficult to detect using traditional, signature-based methods.
The tactic allows attackers to evade common security measures such as rate-limiting, geo-based blocking and IP-based blocking, significantly complicating mitigation efforts for security teams lacking advanced, multi-layered defences.
Smart bots
Radware’ s report warns of the escalation of coordinated multi-vector attack campaigns. Attackers are increasingly combining bot attacks with other methods, such as web application vulnerability exploits, business logic attacks and API-focused attacks, to maximise their success.
The trend places additional strain on already burdened security systems, underscoring the need for an integrated application security strategy that incorporates the latest threat intelligence and can correlate security threats across different security modules.
“ Bad bots are no longer just based on simple scripts – they’ re sophisticated, AI-enhanced agents capable of outsmarting traditional defences,” said Ron Meyran, Vice President of Cyberthreat Intelligence at Radware.
“ E-commerce providers and online retailers that rely on conventional security measures will find themselves increasingly exposed, not just during the holidays but year-round.”
58 WWW. INTELLIGENTCISO. COM