Advertisement
Live broadcast

Disrupt data: bots lure buyers to the gray market

Since the end of July, they have been massively attacking online electronics stores.
0
Photo: IZVESTIA/Eduard Kornienko
Озвучить текст
Select important
On
Off

Bot attacks lead up to a third of electronics buyers from online stores to gray sellers, experts told Izvestia. Similar activity has been recorded since the end of July. Competitors collect information about price changes and the availability of goods, especially smartphones. Bots have taken up to 70% of website traffic from a number of networks, which has slowed down the work and complicated the use of resources by customers. With a change in the geopolitical situation, it is worth waiting for increased attacks, experts believe. For more information, see the Izvestia article.

Who was attacked by bots

In late July and early August, parser bots carried out a large–scale attack on the online electronics trading segment, cybersecurity companies told Izvestia. In some cases, the frequency of automatic parsing attempts increased 2.5–3.5 times compared to normal days, and the share of bot traffic among individual players exceeded 70%, said Daniel Shcherbakov, deputy general Director of Servicepipe.

The main purpose of bot parsers is to aggressively collect information about prices and availability of goods, primarily smartphones and laptops. When the dollar exchange rate jumps, competitors or illegal trading platforms need information about how the volatility of the ruble affects prices, the expert explained.

— The activity was associated with a sharp fluctuation in the dollar exchange rate on July 30, 2025, when there was a jump in the exchange rate from 79.58 rubles to 82.22 rubles per dollar, — said Daniil Shcherbakov. — In some cases, the frequency of automatic parsing attempts has increased 2.5–3.5 times, on normal days the share of bot traffic is no higher than 20-25%. It was noteworthy that the bots, faced with unsuccessful attempts, tried to bypass the protection and modify the bots.

On some resources, the number of "targeted" heavy requests exceeded 10,000 per minute. And bot activity persisted for at least two days, on July 30 and 31, and remained at elevated levels until August 1.

"This is comparable in terms of workload to peak periods such as Black Friday or New Year's sales," he added.

There is a trick against hacking: how hackers crack passwords of Russians in seconds
Neural networks have simplified the work of cybercriminals

The activity of automated data collection systems during this period was confirmed by the press service of the company "M.Video-El Dorado".

— We closely monitor the security of our online services. In particular, during this period, our specialists recorded the activity of automated data collection systems. All such attempts are stopped in a timely manner and do not affect the operation of websites, mobile applications and the convenience of customers," they stressed.

According to Izvestia's sources, two more large electronics store chains were attacked by bots.

Kirill Levkin, MD Audit Project manager (Softline Group), confirmed the intensification of bot attacks, and also added that the websites of developers and retailers were attacked, where they massively collected prices, assortment and leftovers.

— Such actions can cause an overload comparable to a DDoS attack. Now the scale is smaller, but such manifestations are periodically repeated, especially during sales and promotions, when price information is most in demand by competitors or resellers," he said.

What are the risks of bot attacks?

Massive attacks by bot-parsers, which have been observed since the end of July, take away up to a third of real buyers from individual networks, said Ekaterina Kosareva, managing partner of the VMT Consult analytical agency.

"This is not a figure of speech, but a real loss of audience, which goes to the gray sellers," she said. — When 50-70% of website traffic is clogged by bots, the speed, catalog availability, and order processing suffer. The buyer won't wait: he just goes to a place where the site opens faster, even if it's a dubious seller.

Automated parsers that massively collect data on prices and availability of goods, especially in the smartphone segment, not only overload websites and slow them down, but also create comfortable conditions for unscrupulous players, said Igor Rastorguev, a leading analyst at AMarkets.

"The danger of the gray market is that consumers often receive products without an official warranty, without a transparent history of origin, and with an increased risk of defects," he stressed.

Gray sellers are a threat to the buyer, Ekaterina Kosareva added. There is no guarantee, there is no transparent origin of the goods, and there is a high risk of running into counterfeit goods or equipment imported in circumvention of regulations.

"And when a person encounters a smartphone malfunction in six months and finds out that the service center refuses to repair it, it will be too late to prove anything," the expert warned. — If the industry does not invest in serious cyber defense now, then at the peak of autumn demand and with increased attacks due to geopolitical turbulence, we will get an even larger outflow to gray players and it will be extremely difficult to return these customers.

In these circumstances, protecting online sales channels and filtering traffic are becoming key tasks for retail chains. This is not only about technical cybersecurity, but also about maintaining consumer trust, which directly affects the loyalty and long-term competitiveness of companies in the face of increasing competition with gray sellers.

The scenario of a repeat of the exchange rate hikes in August this year is highly likely to provoke a new wave of attacks on e‑commerce sites, especially on the consumer electronics segment, confirmed Daniil Shcherbakov.

"That's why retailers are advised to enable protection against bot attacks in advance in order to be prepared for an influx of parsers," he stressed.

What kind of attacks are being carried out on online stores

More than half of all Internet traffic is from bots, said Sergey Chernomashentsev, Director of Development at information security audit company HackU.

"Data collection from competitors' websites, advertising analytics, auto—registration, and many other areas have long been automated by bots," he recalled. — Moreover, such services are needed on both the white and black markets. There are entire companies whose activities consist in writing such software, and their clients can be both individuals and large companies.

However, such massive attacks may be part of a planned targeted attack, added Alexander Ulyakhin, head of Technical sales Support at UDV Group.

"When receiving information about increased activity on the perimeter, you need to pay attention to anomalies in the internal infrastructure," the expert pointed out. — One of the reasons for the increased activity may be seasonality: the beginning of the school year in schools is approaching, and many are already starting to buy.

The summer surge may be related not only to exchange rate fluctuations, but also to a temporary factor: during the holiday period, many companies may weaken operational monitoring, and attackers take advantage of this, explained Artem Izbayenkov, director of the Solar Space cloud cyber defense platform, Solar Group.

"At the same time, we see a trend towards combined attacks — when parsing is combined with microdosed DDoS attacks in order to soften protection," he noted. — The main problem today is the evolution of parsers. They can no longer be stopped by simple means like CAPTCHA or IP blocking.

Hacking to order: how businessmen hire hackers to fight their competitors
The number of custom penetrations into IT systems of Russian companies increased by 26%

In addition to parsing, companies face DDoS attacks, phishing outbreaks, and ransomware activity, Kirill Levkin added. This is due to seasonal peaks in demand, accelerated digitalization, and the availability of "ready-made" botnet services that allow even unskilled attackers to launch large-scale attacks.

In addition, there are hacks in which "weak" account passwords are selected and websites are scanned for known vulnerabilities, noted Sergey Chernomashentsev. Despite the obvious nature of these problems, they are still relevant and bring fraudsters results.

The fight against bots is an endless arms race, despite the significant development of user identification technologies, he stressed.

It is important to constantly improve systems for detecting such activity, for example, using more sophisticated machine learning and data analysis algorithms, said Ekaterina Danilova, Business Development Manager at Kaspersky Fraud Prevention. Additional user authentication methods should also be implemented, such as two-factor authentication.

Переведено сервисом «Яндекс Переводчик»

Live broadcast
Subscribe and get the news first
Menu
Advertisement
RSS

Copyright for the iz.ru portal content visualisation system, as well as for the source data, including texts, photos, audio and video materials, graphic images, other works and trademarks, belongs to "MIC Izvestia" LLC

Partial quotation is possible only with a hyperlink to en.iz.ru

The site is operated with the financial support of the Ministry of Digital Development, Communications and Mass Media of the Russian Federation.

The advertiser is responsible for the content of any advertising materials posted on the portal.

The information resource uses recommendation technologies. More detailed

The news, analytics, forecasts and other materials presented on this website do not constitute an offer or recommendation to buy or sell any assets.

Registered by the Federal Service for Supervision of Communications, Information Technology and Mass Communications. Certificates of registration Certificate of registration: EL № FS 77 - 76208 dated July 8, 2019. , Certificate of registration: EL № FS 77 - 72003 dated December 26, 2017.

All rights reserved © «MIC «Izvestia» LLC, 2025