Holiday shopping season makes e-commerce sites an attractive target for cybercriminals using bots to run distributed denial of service attacks, make fraudulent purchases, and scan for vulnerabilities they can exploit. In mid-November, Barracuda researchers ran Barracuda Advanced Bot Protection in front of a test web application, and the number of bots they detected in just a few days was staggering, with millions of attacks coming in from thousands of distinct IP addresses. When viewed by time of day, Barracuda researchers saw that bots do not just wait until the middle of the night to attack. For example, in the UK, bot activity peaks mid-morning and does not fall off until closer to 5 p.m., which may indicate the cybercriminals follow a regular working day. Here’s a closer look at the trends Barracuda researchers found about the ways cybercriminals are spoofing good User-Agents and the new patterns for these types of attacks.