Online retailers could see their busiest time of the year threatened by cyber attacks that are ‘automated, unified and around the clock’.
This warning was sounded by data protection specialist Imperva, which found in its latest report that, in the last year alone, bots accounted for 40% of traffic to typical e-commerce sites. What’s more, almost 24% were using advanced techniques to avoid human detection – so they could go about their business entirely unnoticed.
Imperva warned that Christmas was a particularly dangerous time for online retailers, with hackers using the busy shopping period to get access to bumper caches of personal data or bring retailers down (knowing they could be tempted to pay a hefty premium to come back online in November and December). In fact, it found that bot-related attacks on retailers rose by 10% in October last year and 34% in November.
Perhaps the most worrying aspect of Imperva’s research is that more cybercriminals than ever are automating their attacks, meaning they can happen at scale, around the clock. One example is Account Takeover, where hackers use stolen login credentials to try to get access to a customer’s account on a retail website. Rather than a hacker sitting there and entering these stolen details manually, it’s done through a bot that can rattle through logins at lightning pace.
To this end, Imperva claims that nearly 23% of login attempts on retail sites in the past year came from bots.
Another danger is the Distributed Denial of Service (DDoS) attack, where hackers flood a website with traffic so the systems go down – making it easier to gain access to databases. Not only do these attacks take retail sites down when they could be processing transactions, they’re rarely isolated incidents. Hackers will often hit the same target time and again over a very short period – putting it at even greater risk of failure.
The Imperva report, quoted on computerweekly.com, warns: “A DDoS attack is a nonstop threat for retailers. The downtime caused by a DDoS attack can lead to site disruption, reputational damage and revenue loss. A DDoS is a critical threat to online retailers that rely on application performance and availability to enable digital storefront.”