Record web traffic and cyber threats set to disrupt holiday shopping

A new threat intelligence report from Imperva Research Labs looks at the varying cybersecurity attack risks facing the retail industry.

The findings suggest peak levels of traffic will be seen throughout the holiday shopping season as large numbers of consumers turn to online channels to purchase goods. Shortly after stay-at-home orders were issued, web traffic to retail sites spiked by as much as 28 percent over the weekly average.

But there are also a range of threats which combines with peak traffic could lead to greater issues. Malicious automated attacks are a top threat to online retailers, originating from automated bot activity. Simple bots are used in many (44.15 percent) of these attacks and function by connecting to a single, ISP-assigned IP address. The leading sources for these attacks are the United States (30.93 percent), Russia (14.39 percent) and Ukraine (12.92 percent). Bots are also increasingly used as a competitive weapon by retailers who deploy bots for price scraping and inventory trackers to keep an eye on their industry rivals.

There's also been an increase in attacks on retailer APIs from cross-site scripting (XSS) (42 percent) and SQL injection (40 percent). Cyber attacks targeting websites have already reached record levels so far in 2020, the three most common attacks being remote code execution (RCE) (21 percent), data leakage (20 percent) and cross-site scripting (XSS) (16 percent).

Imperva researchers have monitored an average of eight application layer DDoS attacks a month against online retail sites, with a significant peak occurring in April 2020, as demand for online shopping grew because of pandemic-related stay-at-home orders.

"The holiday shopping season is a crucial revenue period for retailers every year, but in 2020, they face a two-pronged threat: managing unprecedented levels of human and attack traffic to their websites and APIs," says Edward Roberts, application security strategist at Imperva. "As COVID reshuffled lives and daily habits, shoppers swarmed online retail sites at record levels. Amid this historic holiday shopping season, the retail industry is likely to experience a peak in human traffic that exceeds anything measured this year and unlike anything in recent memory. The question is how many attackers are going to hide within this expected traffic spike?"

You can find out more in a white paper available on the Imperva site.

Photo credit: pathdoc / Shutterstock