Grinch Bots Wreaking Havoc This Holiday Season

PUBLISHED ON December 10, 2021
LAST UPDATED March 18, 2022

We’re right in the midst of the biggest online shopping days of the year. Add Covid to the mix, and it’s likely bigger than ever before. Retailers have been planning for this for months, and are now busy running promotions and organizing flash sales, trying to take advantage of the traffic and drive business. But it’s also the cyberattackers’ busy season. It’s becoming commonplace for scammers to take advantage of these holiday campaigns, feasting on the opportunities to gobble up inventory, and as a result, driving up the prices on the black market. These attacks not only hurt the customer experience, but also a brand’s bottom line and reputation.  

And now, we have so-called “Grinch bots” that are quickly buying up all the “hot” holiday items in order to sell them for a markup on the black market. Bots are frequently leveraged in attacks on the e-commerce industry, and while not all bots are bad (think retail bots, such as Honey, Shopify Messenger, or WeChat), Grinch bots are further evidence that many are.  

And these bots are not only malicious, but also — because they mimic normal users’ buying behaviors — difficult to detect. Since there’s a significant potential profit involved, attackers can afford to distribute the attacks across tens of thousands of IPs, avoid IPs already flagged on various threat intel feeds, and develop extremely complex rotations in order to evade detection. We’ve seen everything from the use of residential proxies to compromised IoT device networks used as launching points. Another interesting tactic used is to bypass traditional web-based authentication and authorization checks by targeting vulnerable APIs supporting web and mobile storefronts.  

Unlikely these Grinch bots will have a change of heart this Christmas, but understanding their tactics is the first step in keeping them at bay. Learn more about how modern cyberattacks, like Grinch bots, work in our new guide, What You Need to Know About the Modern Threat Landscape

If you’d like to learn more about how we’re detecting and thwarting malicious bot attacks, we’d love to give you a demo.


About the Author

Bret Settle

Bret has served in multiple executive roles for Corporate Express/Staples and BMC Software and has extensive knowledge of the software development and security products industries. Bret has been responsible for enterprise security in multiple roles and has been an innovator throughout his career and has a proven track record of building and developing high performing organizations and dynamic cyber security teams.