Bots launch massive assault on DDR5 memory stock as AI demand fuels scalping epidemic

Memory scalpers hunt scarce DRAM with bot blitz

We can remember it for you wholesale, and sell it back to you for big bucks Web scraping bots are increasing the pressure on the tech supply chain by scouring sites for DRAM, so their minders can snap up increasingly scarce inventory and resell it for a quick profit. DataDome, an online security biz, reports that its Galileo threat team spotted a large-scale data gathering operation that has submitted more than 10 million web scraping requests in an effort to find sellers carrying desirable DRAM stock. The bots have been hitting select sites every 6.5 seconds to query inventories of DRAM and raw hardware components like DIMM sockets. And the people behind the crawlers appear to be using AI tools to enhance the effectiveness of their scraping runs. "Fraudsters will combine various tooling and commodities to perform fraud at scale, but it's not always obvious what they are using, or for which purpose," said Jérôme Segura, VP of threat research at DataDome, in an email to The Register. "Having said that, we have observed threat actors discuss the use of AI to reverse-engineer anti-bot protection or to automate scripting tasks. AI is unique in that it gives leverage from script kiddies all the way to professional scrapers." According to DataDome, the inquisitive bots have been hitting DRAM product pages on e-commerce sites at a rate almost 6x more often than legitimate users and friendly crawlers. And these memory sniffers have been relying on a technique known as cache busting to ensure they get the most up-to-date information. Cache busting involves appending parameters to page requests so they appear different from prior requests. This ensures that the server loads the latest product information instead of serving cached data that may not reflect current product availability. The bots are also tuned to throttle their requests to an acceptable rate - presumably tested in advance - so they don't get rate limited. The bot campaign appears to be focused on identifying available DRAM, and doesn't involve automated purchasing of memory. But acquiring memory for resale is the plan. "By rapidly snapping up the limited DDR5 memory inventory for profitable resale, these bots further deplete the consumer supply, effectively boxing out legitimate customers and driving market prices even higher," the DataDome report says. DRAM, specifically DDR5 memory, has been in short supply since last November, as accelerating infrastructure deployment from hyperscalers and AI giants has increased demand for memory. The resulting memory drought is expected to double the price of DRAM in Q1 2026, and to increase the cost of NAND too. With so much supply spoken for by large cloud providers, mid-tier and smaller cloud vendors have been forced to raise their prices, as Hetzner recently did. The starved supply chain is also expected to limit entry-level PC and phone shipments. ®

AI memory gold rush sparks high-speed bot assault on DDR5 inventory - SiliconANGLE

AI memory gold rush sparks high-speed bot assault on DDR5 inventory A new report out today from cyberfraud protection startup DataDome SAS warns that surging demand for DDR5 memory, fueled by the artificial intelligence boom, has triggered a wave of automated scalping activity that is overwhelming online retailers and distorting supply. The report details how bots are now hitting DDR5 RAM product pages nearly six times more often than legitimate users and benign bots. In one campaign, fraudsters were observed generating more than 50,000 scraping requests per hour. Across the broader activity set, more than 10 million scraping attempts were blocked as attackers sought to monitor inventory and pricing in near-real time. AI is the root cause -- more specifically, AI's insatiable appetite for memory. Training large language models, running inference servers and supporting always-on AI workloads require massive amounts of RAM capacity. Amid the ongoing AI boom, that demand is pushing the price of high-performance DDR5 modules sharply higher. Thrown into the mix is that manufacturers have also shifted production toward higher-margin server-grade memory for data centers. That has tightened the supply of consumer-grade modules and created the kind of scarcity that attracts arbitrage. In a one-hour sample detailed in the report, 91 unique DDR5 product listings were scraped an average of 551 times each, equating to stock checks for a specific RAM kit roughly every 6.5 seconds. According to DataDome's Galileo threat research team researchers, the pattern strongly suggests automated price monitoring systems designed to purchase inventory instantly and resell it at inflated prices on secondary markets. The bots observed were not limited to scraping consumer-focused brands such as Corsair Gaming Inc., Crucial (Micron Technology Inc.) and Kingston Technology Co. Inc. But it also targeted industrial and original equipment manufacturer providers, including suppliers of DDR5 SDRAM, server modules and even hardware components such as DIMM sockets. The scalping pressure is affecting the entire DDR5 ecosystem, ranging from raw components to finished retail kits. DataDome's researchers also observed efforts to evade detection, with nearly every request including cache-busting parameters to avoid being served cached content. Sessions consisted of a single page hit followed by an immediate exit, with no cart activity or search behavior. Traffic patterns followed a human-like day-and-night rhythm but maintained flat, highly calibrated peaks that hovered just below typical volumetric alarm thresholds, which suggests that the attackers have tuned their scraping speed to avoid triggering defenses. The report concludes by suggesting that traditional IP blocking and simple rate-limiting are increasingly ineffective against such operations, particularly when bots operate through legitimate infrastructure. "Traditional security measures that rely solely on IP reputation or simple rate-limiting are virtually blind to these modern attacks," the researchers write. "If a WAF simply blocked IP ranges to stop this attack, it would break legitimate services and block real users." The researchers argue that advanced behavioral analysis is now required, analysis that is capable of identifying impossible traffic consistency and 24/7 precision.