SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Commerce sector faces surge in bot attacks, Fastly report warns

Wed, 4th Jun 2025

Fastly has released its Q1 2025 Threat Insights Report highlighting new trends in application security, including a sharp increase in attacks targeting the commerce sector and a continued prevalence of automated bot traffic.

The report found that attack volumes aimed at companies in the commerce industry have doubled over the past year, accounting for 31% of all observed attacks in Q1 2025, up from 15% in Q1 2024.

Researchers attributed this surge to a shift in attacker focus, with commerce websites now attracting the largest share of unwanted bot traffic of any sector surveyed, at 39%.

Alongside the rise in commerce-focused attacks, the report documented that automated traffic, known as bots, now represents 37% of all observed internet activity. Of this bot traffic, 89% was classified as unwanted, which includes malicious activity such as attempts to take over accounts, commit ad fraud, or steal data.

Fastly's Staff Security Researcher, Simran Khalsa, commented on the significance of understanding the nature of bot traffic for online businesses. "As bots make up a growing portion of internet traffic, the ability to tell the difference between useful and unwanted automation is becoming more important," Khalsa said. "If you're not actively managing bot traffic you could be spending on infrastructure, bandwidth, or performance that is effectively being wasted on serving malicious or non-productive traffic."

The distinction between wanted and unwanted bots is seen as crucial. The report notes that search engine crawlers, which accounted for 66% of wanted bot traffic, provide value by driving legitimate visibility and traffic to websites. Conversely, unwanted bots can disrupt services and harm business operations.

Fastly's quarterly report draws on data from 6.5 trillion monthly requests processed across its security portfolio, which includes its Next-Gen Web Application Firewall, Bot Management, and DDoS Protection solutions. These services secure over 130,000 applications and APIs spanning multiple industries, such as e-commerce, streaming, media and entertainment, financial services, and technology.

High technology organisations were identified as the most targeted sector overall, making up 35% of observed attacks across Fastly's network. The focus on the commerce industry stood out, however, due to the significant rise in attack volume compared to the previous year.

Among the specific attack techniques highlighted, attempted logins using compromised passwords averaged over 1.3 million per day in March 2025. This activity was said to be partly driven by the use of proxy services to automate credential-based attacks.

Fastly's analysis found that, despite concerns about complex, tailored cyberattacks, much of the activity observed continues to rely on commonly used methods. According to the report, "A recurring takeaway from our latest report: the vast majority of attacks aren't the one-of-a-kind, tailored threats we often hear about. Instead, attackers frequently employ established methods, launching the same payloads across numerous organisations. Think of it as a spray-and-pray approach!"

The Q1 2025 Threat Insights Report is intended to assist security teams in strengthening defences, prioritising resources, and responding effectively to typical forms of malicious activity. The findings offer practical guidance in areas ranging from bot management to protection against application-layer DDoS and credential compromises. The telemetry and insights are drawn directly from real-world scenarios across Fastly's global customer base.
