Imperva® report details the array of complex cyber attacks targeting online retailers
SAN MATEO, Calif. — Nov. 19, 2020 — Imperva, Inc., (@Imperva) the cybersecurity leader whose mission is to protect data and all paths to it, releases the State of Security Within e-Commerce, a new threat intelligence report from Imperva Research Labs. The report illustrates the varying cybersecurity attack risks facing the retail industry and the impact the global pandemic had on the volume of attacks and web traffic. The findings suggest peak levels of traffic will be seen throughout the holiday shopping season as a flood of consumers turn to online channels to purchase goods.
As detailed in the Imperva Cyber Threat Index — a monthly measurement and analysis of the global cyber threat landscape across data and applications — shortly after stay-at-home orders were issued, web traffic to retail sites spiked by as much as 28 percent over the weekly average, eclipsing the record peaks from the 2019 holiday shopping season. Cybercriminals capitalized on the chaos and shift to a remote world by launching bad bot attacks and DDoS attacks with the goal of disrupting online activities. As retailers now prepare for a surge in online holiday shopping amid the on-going global pandemic, Imperva experts urge vigilance and preparedness on the part of online businesses.
The report details several concerning cyber attack trends:
- Bad Bots abusing websites, mobile apps and APIs: Malicious automated attacks are a top threat to online retailers, a trend that has remained consistent before and during COVID-19. A majority of the attacks (98.04%) on online retailers detailed in the report originate from automated bot activity. Simple bots are used in the majority (44.15%) of these attacks and function by connecting to a single, ISP-assigned IP address. The leading sources for these attacks are the United States (30.93%), Russia (14.39%) and Ukraine (12.92%). Bots are also increasingly used as a competitive weapon by retailers who deploy bots for price scraping and inventory trackers to keep an eye on their industry rivals.
- API Attacks: The volume of attacks on retailers’ APIs far exceeded average levels this year. The retail industry is an attractive target for cybercriminals because they retain sensitive payment data. According to Imperva researchers, the leading attack vectors for retail API attacks in 2020 are cross-site scripting (XSS) (42%) and SQL injection (40%).
- Web Attacks: Cyber attacks targeting websites have already reached record levels so far in 2020. Imperva finds the three most common attacks to be remote code execution (RCE) (21%), data leakage (20%) and cross-site scripting (XSS) (16%). The vast majority of these attacks in the last 12 months (49%) were carried out against retail websites hosted in the U.S. by attackers using anonymity frameworks, a common method for concealing a bad actor’s identity from the target.
- DDoS Attacks: Imperva researchers have seen an increase in the volume and intensity of DDoS attacks throughout 2020. Imperva researchers monitored an average of eight application layer DDoS attacks a month against online retail sites, with a significant peak occurring in April 2020, as demand for online shopping grew because of pandemic-related stay-at-home orders.
- Account Takeover (ATO) Attacks: Online retailers experienced more than twice (62%) as many ATO attempts than any other industry this year. Criminals use considerably more (79%) leaked credentials to defraud retail targets because it typically guarantees a higher success rate, finds Imperva researchers.
“The holiday shopping season is a crucial revenue period for retailers every year, but in 2020, they face a two-pronged threat: managing unprecedented levels of human and attack traffic to their websites and APIs,” says Edward Roberts, Application Security Strategist, Imperva. “As COVID reshuffled lives and daily habits, shoppers swarmed online retail sites at record levels. Amid this historic holiday shopping season, the retail industry is likely to experience a peak in human traffic that exceeds anything measured this year and unlike anything in recent memory. The question is how many attackers are going to hide within this expected traffic spike?”
Roberts continues, “Imperva’s research shows that retailers face a myriad of complex cybersecurity threats today, a situation that’s been compounded by the global pandemic. However, managing a stack of point solutions to address each of these unique risks is a challenge for lean security teams. Instead, they should invest in an integrated platform, like Imperva Application Security, that provides protection against the leading attacks and optimizes web performance, helping businesses operate more efficiently and securely.”
How Imperva Helps Stop These Threats
Imperva Application Security provides multi-layered protection to make applications and websites always available, always user-friendly and always secure. The company’s flagship Web Application & API Protection (WAAP) solution stops advanced cybersecurity threats from a unified platform with multiple market-leading products: Web Application Firewall (WAF), DDoS protection, Runtime Application Self-Protection (RASP), API security, Advanced Bot Protection, Client-Side Protection, Content Delivery Network and Attack Analytics.
- Download the State of Security within E-Commerce report here
- Learn more about the integrated Imperva Application Security product suite
- Check out the Imperva Blog for the latest product and solution news, and threat intelligence from Imperva Research Labs
Imperva is the cybersecurity leader whose mission is to protect data and all paths to it. Imperva protects the data of over 6,200 customers from cyber attacks through all stages of their digital journey. Imperva Research Labs and our global intelligence community enable Imperva to stay ahead of the threat landscape and seamlessly integrate the latest security, privacy and compliance expertise into our solutions.