The online retail industry is one of the prime targets for cybercrime. For more information, see the annual analysis, an overview of cybersecurity threats targeting e-commerce websites and applications.
As the 2023 holiday shopping season continues, Imperva Threat Research is closely monitoring how cybercriminals seek to disrupt and cause chaos for online retailers and shoppers.
Below are five key takeaways based on our observations of attacks during the early holiday shopping period.
Takeaway #1: Web traffic steadily increases from October to November as Cyber Monday replaces Black Friday as the holiday online shopping event
The holiday shopping season is starting earlier than ever, as evidenced by the steady increase in web traffic across retail sites from October to November.
Unlike previous years, when Black Friday was the milestone sales event of the holiday shopping season, shoppers took advantage of early November promotions and sales. In 2023, the peak in online traffic was recorded on November 19th, and the second notable peak occurred on Cyber Monday (November 27th). In fact, web traffic to retail sites was 42% higher on Cyber Monday than on Black Friday.
Takeaway #2: The volume of malicious bots increases during the holiday shopping season
Malicious bots account for 26.3% of all web traffic to online retail websites, higher than the annual average of 22.7%. Human traffic to retail sites decreased by nearly 3%, but the percentage of high-quality bot traffic remained similar to the annual average.
Takeaway #3: Account takeover (ATO) attacks are prevalent throughout the holiday shopping season
The number of ATO attacks has been increasing since September, with spikes in attack activity recorded on November 8, 14, and 24 (Black Friday).
The number of attacks increased by an astonishing 85% on Black Friday. For comparison, ATO attacks on Black Friday 2022 increased by 66%.
The intensity of these attacks is also increasing. The number of malicious login requests jumped 82% from October to November.
Additionally, this holiday shopping season has seen frequent spikes in account takeover attacks targeting online retailer APIs, with the peak occurring in late October.
Takeaway #4: Attacks targeting retailer APIs increase as the holiday season progresses
API traffic accounted for 45.8% of all traffic to online retailers, up from 41.6% last year. With this in mind, we are seeing an increase in attacks targeting online retailers’ APIs. Attacks increased by 6% in October and another 9% in November.
These attacks are business logic attacks: the exploitation of vulnerabilities in the intended functionality and processes of applications. In retail, attackers can exploit business logic to manipulate prices or gain access to restricted products.
Takeaway #5: Imperva reduces downtime due to persistent DDoS attacks
Distributed Denial of Service (DDoS) attacks are a constant threat, with attackers attempting to overwhelm retailers’ networks and servers with large amounts of traffic. When an attack occurs, retailers are unable to handle traffic, which can cause significant service disruptions.
On average, Imperva prevented 30 hours of downtime per retail site this holiday season. During Cyber Week alone, Imperva prevented 10 hours of downtime for each retail site.
The post "5 takeaways from Black Friday and Cyber Monday cyberattacks" first appeared on the blog.
*** This is a syndicated blog from the Security Bloggers Network, written by Eles Hasson. See the original post here: https://www.imperva.com/blog/2023-black-friday-and-cyber-monday-cyber-atacks/