
Digital security solutions provider Imperva recently released its “The State of Security Within eCommerce 2022” report, which found persistent security threats plaguing online retailers.
More specifically, automated threats -- from account takeover, credit card fraud, web scraping, API abuse, Grinch bots, and distributed denial of service (DDoS) attacks -- have been an ongoing and increasingly consistent challenge for the eCommerce industry. What’s worse, the potential for these attacks threatens online sales and customer satisfaction levels, leaving online retailers poorly positioned for sales and future growth.
While human error is blamed for security incidents in many industries, it’s a different story in eCommerce. The automated threats retailers are seeing come not from human users but from bots and software applications deployed with malicious intent to run automated tasks.
Right now, with the holiday shopping season already in full swing, online retailers must be especially vigilant about these attacks and risks. One of the most popular automated attacks happening during the holiday season is the aptly named Grinch bot, which uses software to hoard and scoop up high-demand items so consumers have a hard time finding them online.
“The holiday shopping season is a critical period for the retail industry, and security threats could undermine retailers’ bottom line again in 2022,” says Lynn Marks, Senior Product Manager, Imperva. “This industry faces a variety of security risks, the majority of which are automated and operate around the clock. Retailers need a unified approach to stop these persistent attacks, one that focuses on the protection of data and is equipped to mitigate attacks quickly without disrupting shoppers.”
Abuse of APIs is also becoming a common security risk for retailers. APIs enable applications to share data and invoke digital services, but some of that traffic is directed to undocumented, or shadow, APIs. These become vulnerable when, for example, a botnet floods vulnerable applications with unwanted traffic in an attack on customer data and payment information. The use of these methods is especially high during holiday seasons, when online shoppers are doing more buying than usual.
Malicious bots found on retail sites have grown from 23.4 percent last year to 31.1 percent in 2021.
Another automated threat, a distributed denial of service (DDoS) attack, attempts to disrupt critical business operations by flooding the network or application infrastructure with malicious traffic.
According to findings in Imperva’s report, DDoS attacks in 2022 are larger and stronger across all industries. Fifty-five percent of websites were hit by an application-layer DDoS and 80 percent were hit by a network-layer DDoS and attacked multiple times.
Edited by
Erik Linask