Radware Finds 57% of Online Shopping Traffic Now Bots, Not Buyers
Radware (NASDAQ: RDWR) has released its '2025 E-commerce Bot Threat Report' revealing that 57% of e-commerce website traffic during the 2024 holiday season came from automated bots rather than human shoppers. The report highlights that 31% of total internet traffic consisted of malicious bots, with nearly 60% using advanced behavioral techniques to evade detection.
Key findings include:
- A 160% increase in malicious bot traffic targeting mobile platforms between 2023-2024 holiday seasons
- 32% rise in attack traffic from ISP networks using residential proxy services
- Emergence of sophisticated AI-enhanced bots capable of mimicking human behavior
- Increase in coordinated multi-vector attack campaigns combining various attack methods
Radware (NASDAQ: RDWR) ha pubblicato il suo 'Rapporto sulle Minacce Bot nell'E-commerce 2025', rivelando che il 57% del traffico sui siti di e-commerce durante la stagione delle festività 2024 proveniva da bot automatizzati anziché da acquirenti umani. Il rapporto evidenzia che il 31% del traffico totale su internet era costituito da bot maligni, con quasi il 60% che utilizzava tecniche comportamentali avanzate per eludere il rilevamento.
Tra le principali scoperte:
- Aumento del 160% del traffico di bot maligni diretti alle piattaforme mobili tra le stagioni festive 2023-2024
- Crescita del 32% del traffico di attacco proveniente da reti ISP che utilizzano servizi proxy residenziali
- Comparsa di bot sofisticati potenziati dall'intelligenza artificiale capaci di imitare il comportamento umano
- Incremento di campagne di attacco coordinate multi-vettore che combinano vari metodi di attacco
Radware (NASDAQ: RDWR) ha publicado su 'Informe sobre Amenazas de Bots en el Comercio Electrónico 2025', revelando que el 57% del tráfico en sitios de comercio electrónico durante la temporada navideña de 2024 provino de bots automatizados en lugar de compradores humanos. El informe destaca que el 31% del tráfico total de internet consistió en bots maliciosos, con casi el 60% usando técnicas avanzadas de comportamiento para evadir la detección.
Los hallazgos clave incluyen:
- Un aumento del 160% en el tráfico de bots maliciosos dirigidos a plataformas móviles entre las temporadas navideñas 2023-2024
- Incremento del 32% en el tráfico de ataques desde redes ISP que usan servicios proxy residenciales
- Aparición de bots sofisticados mejorados con IA capaces de imitar el comportamiento humano
- Aumento de campañas de ataques coordinados multi-vector que combinan varios métodos de ataque
Radware (NASDAQ: RDWR)는 '2025 전자상거래 봇 위협 보고서'를 발표하며 2024년 연말 시즌 동안 전자상거래 웹사이트 트래픽의 57%가 인간 쇼핑객이 아닌 자동화된 봇에서 발생했다고 밝혔습니다. 보고서에 따르면 인터넷 전체 트래픽의 31%가 악성 봇으로 구성되어 있으며, 이 중 거의 60%가 탐지를 피하기 위해 고급 행동 기법을 사용하고 있습니다.
주요 발견 사항은 다음과 같습니다:
- 2023-2024 연말 시즌 동안 모바일 플랫폼을 겨냥한 악성 봇 트래픽이 160% 증가
- 주거용 프록시 서비스를 사용하는 ISP 네트워크에서 공격 트래픽이 32% 증가
- 인간 행동을 모방할 수 있는 정교한 AI 강화 봇 출현
- 다양한 공격 방식을 결합한 다중 벡터 공격 캠페인 증가
Radware (NASDAQ : RDWR) a publié son « Rapport sur les menaces des bots dans le e-commerce 2025 », révélant que 57 % du trafic des sites e-commerce durant la saison des fêtes 2024 provenait de bots automatisés plutôt que d’acheteurs humains. Le rapport souligne que 31 % du trafic internet total était constitué de bots malveillants, dont près de 60 % utilisaient des techniques comportementales avancées pour échapper à la détection.
Les principales conclusions incluent :
- Une augmentation de 160 % du trafic de bots malveillants ciblant les plateformes mobiles entre les saisons des fêtes 2023-2024
- Une hausse de 32 % du trafic d’attaque provenant de réseaux ISP utilisant des services proxy résidentiels
- L’émergence de bots sophistiqués renforcés par l’IA capables d’imiter le comportement humain
- Une augmentation des campagnes d’attaques coordonnées multi-vecteurs combinant diverses méthodes d’attaque
Radware (NASDAQ: RDWR) hat seinen '2025 E-Commerce Bot Threat Report' veröffentlicht, der zeigt, dass 57 % des E-Commerce-Webseitenverkehrs während der Weihnachtssaison 2024 von automatisierten Bots und nicht von menschlichen Käufern stammte. Der Bericht hebt hervor, dass 31 % des gesamten Internetverkehrs aus bösartigen Bots bestanden, wobei fast 60 % fortschrittliche Verhaltensmethoden zur Erkennung umgehen nutzten.
Wesentliche Erkenntnisse umfassen:
- 160 % Anstieg des bösartigen Bot-Verkehrs auf mobilen Plattformen zwischen den Weihnachtssaisons 2023-2024
- 32 % Zunahme des Angriffsverkehrs aus ISP-Netzwerken, die Residential Proxy-Dienste nutzen
- Aufkommen hochentwickelter, KI-gestützter Bots, die menschliches Verhalten nachahmen können
- Zunahme koordinierter Multi-Vektor-Angriffskampagnen, die verschiedene Angriffsmethoden kombinieren
- First comprehensive report highlighting critical cybersecurity trends in e-commerce
- Demonstrates Radware's leadership position in identifying and analyzing emerging cyber threats
- Positions company as thought leader in bot detection and mitigation solutions
- Rising sophistication of cyber threats may require increased R&D investment
- Growing complexity of attacks could lead to higher operational costs
- Increasing attack vectors may result in greater resource allocation for threat mitigation
New 2025 E-commerce Bot Threat Report details rise in bot attacks, emerging threat vectors, and shifting defense strategies
MAHWAH, N.J., April 23, 2025 (GLOBE NEWSWIRE) -- Radware® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today released its “2025 E-commerce Bot Threat Report.” The report found that automated bots—good and bad bots—accounted for
“Bad bots are no longer just based on simple scripts—they’re sophisticated, AI-enhanced agents capable of outsmarting traditional defenses,” said Ron Meyran, vice president of cyber threat intelligence at Radware. “E-commerce providers and online retailers that rely on conventional security measures will find themselves increasingly exposed, not just during the holidays but year-round.”
The report highlights major bot attack trends and real-world attack data observed during the 2024 online holiday shopping season. In addition, it offers insights into the distributed, multi-vector attacks e-commerce providers and retailers can expect to battle this year.
Key findings and insights
- AI-generated bots with human-like behavior gain dominance: According to the report, bad bots made up
31% of total internet traffic during the last holiday season. Nearly60% of the malicious traffic employed advanced behavioral techniques to evade traditional, signature-based detection. Combating these bots requires accurate AI-powered detection of attack patterns, including rotating IPs and identities, distributed attacks, CAPTCHA farm services, and other advanced anomalies, without causing false positives. - Mobile-focused attacks surge: Malicious bot traffic directed at mobile platforms rose
160% between the 2023 and 2024 holiday shopping seasons, representing a fundamental shift in attacker focus. Security strategies need to be shored up and tailored for vulnerable mobile platforms and attackers using more sophisticated techniques, including mobile emulators, mobile-specific proxies, and headless browsers with mobile user-agent strings. - Attacks leveraging distributed infrastructures and residential proxy networks increase: The proportion of holiday attack traffic originating from and blending in with ISP networks increased
32% between 2023 and 2024. Attackers are leveraging wider network and residential proxy services to evade rate-limiting, geo-based, and IP-based blocking mechanisms, creating even greater mitigation challenges for security teams working without advanced, multi-layered protections. - Coordinated multi-vector attack campaigns escalate: To maximize their success, attackers are targeting applications by combining bot attacks with web application vulnerability exploits, business logic attacks, and API-focused attacks. Protecting already burdened security systems requires an integrated application security strategy that uses the latest threat intelligence and cross-correlates security threats across security modules.
Radware will be addressing the new report and advanced protection strategies during the RSA 2025 Conference at the Moscone Center in San Francisco (booth #S-1227). The event takes place April 28–May 1, 2025.
Radware’s complete bot report can be downloaded here.
About Radware
Radware® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website.
Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, X, and YouTube.
©2025 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.
THIS PRESS RELEASE AND 2025 E-COMMERCE BOT THREAT REPORT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.
Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.
The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.
Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say in this press release that e-commerce providers and online retailers that rely on conventional security measures will find themselves increasingly exposed, not just during the holidays but year-round, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, tensions between China and Taiwan, financial and credit market fluctuations (including elevated interest rates), impacts from tariffs or other trade restrictions, inflation, and the potential for regional or global recessions; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cybersecurity and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, or if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; our use of AI technologies that present regulatory, litigation, and reputational risks; risks related to the fact that our products must interoperate with operating systems, software applications and hardware that are developed by others; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns; our net losses in the past and the possibility that we may incur losses in the future; a slowdown in the growth of the cybersecurity and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; complications with the design or implementation of our new enterprise resource planning (“ERP”) system; our reliance on information technology systems; our ESG disclosures and initiatives; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.
