Holiday Shopping Disruption Beckons as Retail Bot Attacks Surge 13%

Security experts have warned of potential disruption to the upcoming holiday shopping season after recording a double-digit year-on-year increase in bot-driven cyber-attacks so far in 2021.

Imperva’s State of Security Within eCommerce report revealed that over half (57%) of attacks targeting retail websites this year were carried out by bots, versus just 33% across other industries.

Account takeover attempts, looking to hijack customers’ accounts to steal personal and financial info, reached 33% so far in 2021, versus 26% across other verticals.

These attacks are often carried out by what Imperva describes as “sophisticated” bots, capable of mimicking human mouse movements and clicks to defeat retailers’ cyber-defenses.

They’re responsible for account takeover and denial of inventory, where items are added to account baskets to take them out of circulation, making them unavailable for legitimate customers.

This could exacerbate existing supply chain issues that threaten stock availability this holiday season, warned Imperva director of technology, Peter Klimek.

“With the global supply chain conditions worsening, retailers will not only struggle to get products to sell in Q4 but will face increased attacks from motivated cyber-criminals who want to benefit from the chaos,” he argued.

“Imperva Research Labs’ data underscores the need for retailers to invest in security that spans from edge to applications and APIs all the way to the data. Only by protecting all paths to data can retailers truly defend their critical systems and the consumers who rely on them.”

Imperva also recorded a surge in DDoS attacks, including a 200% month-on-month increase in September 2021.

The vendor warned that as retailers build out their website functionality with chatbots and web analytics and connect customers via API to features such as product search and order fulfillment tracking, their cyber-attack surface will continue to expand.
