Black Friday Alert as E-Commerce Attacks Surge in 2020
Security researchers are warning of a spike in cyber-attacks against retailers this year, which may impact the coming Black Friday and holiday season shopping spree.
Imperva’s State of Security Within e-Commerce report was compiled using data from its various security products.
It noted several attack trends this year likely to have been influenced by the greater numbers of shoppers heading online during COVID-19 lockdowns.
First, it claimed that e-retailers experienced more than twice as many account takeover (ATO) attempts as any other industry this year: 62% of login pages were hit versus 25%. Nearly 79% of retailers suffered credential stuffing, in which previously breached credentials are used in automated attacks across large numbers of sites.
This chimes with an Akamai study which found that retail accounted for over 90% of the 64 billion credential stuffing attempts detected over 2018-2020.
Bots are used to power such attempts, and indeed 98% of the attacks featured in Imperva’s report originate from automated bot activity. While many are used by cyber-criminals, bots can also be deployed by retailers for price scraping and inventory tracking of competitors, the report claimed.
Elsewhere, API attacks have surged past usual levels this year, with cross-site scripting (42%) and SQLi (40%) together accounting for the majority as attackers sought to access customer databases.
However, XSS only accounted for 16% of the total volume of attacks on retailer websites this year: more common were remote code execution (21%) and data leakage (20%) raids, with 49% aimed at US sites by attackers using anonymizing tools.
DDoS attacks have also increased in volume and intensity this year. Imperva monitored an average of eight application layer ..