Web-based botnets are designed specifically to interact with websites, and have advanced in recent years to become more human-like, according to Radware's Winward. These botnets are now capable of doing everything from collecting and scraping intelligence to doing credential stuffing attacks or initiating HTTP interactions that result in DDoS attacks, Winward said.
Web-based botnets can do inventory manipulation, Winward said, where they collect a massive amount of a company's items into a cart before eventually abandoning the cart. This ultimately takes a financial toll on companies since they're unable to sell things that are stuck in a customer's cart.
Customers struggle to tell which traffic on their network is good and which is bad, meaning that they're unable to simply block the bad traffic, according to Winward. As a result, Winward said businesses typically end up overbuilding their infrastructure and letting both the good traffic and the bad traffic in.