Automated threats responsible for 62 percent of eCommerce security incidents
Automated threats, ranging from account takeover, credit card fraud, web scraping, API abuses, Grinch bots, and DDoS attacks, are a persistent challenge for the eCommerce industry, according to a new report.
Cybersecurity company Imperva has conducted a 12-month analysis of threats targeting the retail industry. A continued barrage of attacks on retailers’ websites, applications, and APIs throughout the year and during peak holiday shopping times is a continued business risk for the retail industry.
"The holiday shopping season is a critical period for the retail industry, and security threats could undermine retailers' bottom line again in 2022," says Lynn Marks, senior product manager at Imperva. "This industry faces a variety of security risks, the majority of which are automated and operate around the clock. Retailers need a unified approach to stop these persistent attacks, one that focuses on the protection of data and is equipped to mitigate attacks quickly without disrupting shoppers."
Over the last year 40 percent of traffic on retail websites didn't come from humans. Instead, it came from bots. Such as the Grinch bot which is notorious for inventory hoarding during the holiday shopping season, scooping up high-demand items and making it harder for consumers to purchase gifts online.
Of all the traffic on retail websites 23.7 percent is attributed specifically to bad bots. The proportion of advanced bots -- scripts that use the latest evasion techniques to mimic human behavior and avoid detection -- on retail sites has grown over the previous year from 23.4 percent to 31.1 percent.
Bot-related attacks on retail sites grew 10 percent in October and another 34 percent in November, suggesting that bot operators increase their efforts around peak holiday shopping periods.
Exposed or vulnerable APIs are also a considerable threat for retailers because attackers can use the API as a pathway for exfiltrating customer data and payment information. In 2021, API attacks increased by 35 percent between September and October, and then spiked another 22 percent in November
You can get the full report from the Imperva site.