
Report: 57% of all ecommerce cyberattacks are bot-driven



According to a 12-month analysis by Imperva Research Labs of cybersecurity risks impacting ecommerce, 57% of all attacks recorded on ecommerce websites were carried out by bots in 2021, compared to 33% for all other industries.

The report reveals that the ecommerce industry remains a prime target for cybercrime. As global supply chain challenges continue into the 2021 holiday shopping season, retailers could see further disruptions caused by cyberattacks.

Automated bot activity is a pervasive threat for ecommerce. In 2021, the volume of monthly bot attacks on retail sites increased 13% compared to 2020. Particularly noteworthy: The proportion of sophisticated bad bots on retail websites also grew in 2021. This breed of bot is the hardest to stop because it produces mouse movements and clicks that resemble human behavior. Sophisticated bots evade simple defenses and are responsible for account takeover, fraud, and denial of inventory, which makes it harder for legitimate shoppers to get the goods they want.

[Figure: Line graph showing the rise and fall of bot attacks on retail websites per month, comparing 2019/20 to 2020/21. There was a steady increase in 2019/20, whereas 2020/21 had an inconsistent rise and fall, with a downward trend beginning from July to August.]

Web application attack patterns from Q4 2020 through the first half of 2021 were characterized by unique traffic spikes that coincided with periods of high shopper activity. Data leakage ranked as the leading attack type, targeting shoppers’ payment information or loyalty reward points. It accounted for nearly one-third of all retail web application attacks (31.3%) in 2021, a higher percentage than in all other industries (26.9%).

In a finding that more directly affects consumers, 32.8% of all retail logins observed in 2021 were account takeover (ATO) attempts — higher than the 25.5% average across all other industries. Account takeovers are an acute risk for consumers with credit card or payment information stored on ecommerce sites.

A startling finding was that DDoS incidents on ecommerce sites spiked 200% in September 2021. While a moderate rise in DDoS incidents is not unusual for online retailers when holiday shopping begins, this year’s sharp increase is unique — presumably a result of the Meris botnet. If this trend persists, online retailers should expect higher levels of DDoS incidents throughout the holiday season, a threat for online retailers that cannot afford downtime.

Research for the 2021 Imperva State of Security Within eCommerce Report was conducted using anonymized retailer data collected by several Imperva products from September 2020 through September 2021.

Read the full report by Imperva.