The AI boom has made memory in such short supply that dodgy bots are hunting for cheap DDR5 RAM online.
That's according to DataDome's Galileo threat research group, which spotted one scalping operation making more than 10 million scraping results, including checking stock for specific RAM kits every few seconds.
"The demand for high-performance DDR5 RAM has skyrocketed, creating shortages and driving up prices," DataDome VP of threat research Jerome Segura wrote in a blog post.
Because of AI demand, manufacturers have refocused production on industrial grade equipment, away from consumer-level hardware – and that means supply for the latter has disappeared.
That's a problem for two reasons. First, the scraper bots are using dodgy techniques to avoid detection when flooding websites with traffic, but also because it means legitimate customers can't get ahold of such equipment, driving up prices further through scalping.
"The modus operandi is simple: buy at the lowest price and then resell for a higher price on secondary markets in order to make a hefty profit," Segura said.
But the bots aren't just looking at resellers. Indeed, they’re being used to target the entire memory supply chain, "from consumer RAM to B2B industrial memory providers and raw hardware components like DIMM sockets," said Segura.
That includes B2B memory providers as well as consumer RAM kits for PC builders and local workstations. Segura added: "This reveals that the scalping squeeze is impacting the entire DDR5 supply chain from the manufacturing floor to the retail shelf."
How the RAM scalping works
DataDome said its own research team found a "sophisticated operation" of fraudsters that were taking advantage of an online service that monitors prices, using it to target DDR5 memory in particular.
The bots are visiting product pages for DDR5 RAM six times more often than legitimate traffic, DataDome found.
"The scalping bots were making over 50K requests every hour, with an average of 550 scraping attempts for each RAM listing," said Segura. "In total, DataDome blocked more than 10m scraping requests."
The fraudsters used techniques like cache busting, changing parameters for every request to look like a fresh visitor, and learning rate limits in order to keep just below them.
Notably, the company was able to spot the bot scraping activity via clear signs of automation, including traffic falling back to near zero when faced by any resistance, as well as consistent peaks that don't match human activity.
"As AI continues to drive demand for computing hardware, we can expect more sophisticated scalping operations targeting high-value, scarce components," Segura said.
FOLLOW US ON SOCIAL MEDIA
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
Xiaomi Pad 8 Pro review
Microsoft could be planning to release a new AI bundle for Microsoft 365
