Peak levels of traffic will be seen throughout the holiday shopping season as a flood of consumers turn to online channels to purchase goods, Imperva reveals.
A monthly measurement and analysis of the global cyber threat landscape across data and applications, shortly after stay-at-home orders were issued, web traffic to retail sites spiked by as much as 28 percent over the weekly average, eclipsing the record peaks from the 2019 holiday shopping season.
Cybercriminals capitalized on the chaos and shift to a remote world by launching bad bot attacks and DDoS attacks with the goal of disrupting online activities. As retailers now prepare for a surge in online holiday shopping amid the on-going global pandemic, Imperva experts urge vigilance and preparedness on the part of online businesses.
Bad bots abusing websites, mobile apps and APIs
Malicious automated attacks are a top threat to online retailers, a trend that has remained consistent before and during COVID-19. 98.04% of the attacks on online retailers detailed in the report originate from automated bot activity.
Simple bots are used in 44.15% of these attacks and function by connecting to a single, ISP-assigned IP address. The leading sources for these attacks are the United States (30.93%), Russia (14.39%) and Ukraine (12.92%).
Bots are also increasingly used as a competitive weapon by retailers who deploy bots for price scraping and inventory trackers to keep an eye on their industry rivals.
The volume of attacks on retailers’ APIs far exceeded average levels this year. The retail industry is an attractive target for cybercriminals because they retain sensitive payment data. According to Imperva researchers, the leading attack vectors for retail API attacks in 2020 are cross-site scripting (XSS) (42%) and SQL injection (40%).
Cyber attacks targeting websites have already reached record levels so far in 2020. Imperva finds the three most common attacks to be remote code execution (RCE) (21%), data leakage (20%) and cross-site scripting (XSS) (16%).
49% of these attacks in the last 12 months (49%) were carried out against retail websites hosted in the U.S. by attackers using anonymity frameworks, a common method for concealing a bad actor’s identity from the target.
Imperva researchers have seen an increase in the volume and intensity of DDoS attacks throughout 2020. Researchers monitored an average of eight application layer DDoS attacks a month against online retail sites, with a significant peak occurring in April 2020, as demand for online shopping grew because of pandemic-related stay-at-home orders.
Account takeover (ATO) attacks
Online retailers experienced more than twice (62%) as many ATO attempts than any other industry this year. Criminals use 79% of leaked credentials to defraud retail targets because it typically guarantees a higher success rate, finds Imperva researchers.
“The holiday shopping season is a crucial revenue period for retailers every year, but in 2020, they face a two-pronged threat: managing unprecedented levels of human and attack traffic to their websites and APIs,” says Edward Roberts, Application Security Strategist, Imperva.
“As COVID reshuffled lives and daily habits, shoppers swarmed online retail sites at record levels. Amid this historic holiday shopping season, the retail industry is likely to experience a peak in human traffic that exceeds anything measured this year and unlike anything in recent memory. The question is how many attackers are going to hide within this expected traffic spike?”
Roberts continues, “Imperva’s research shows that retailers face a myriad of complex cybersecurity threats today, a situation that’s been compounded by the global pandemic.
“However, managing a stack of point solutions to address each of these unique risks is a challenge for lean security teams. Instead, they should invest in an integrated platform, like Imperva Application Security, that provides protection against the leading attacks and optimizes web performance, helping businesses operate more efficiently and securely.”