The Imperva Threat Research’s State of Security Within eCommerce 2022 report had identified cyber threats that online retailers face throughout the year, such as attacks on retailers’ websites, Account takeover (ATO), credit card fraud, web scraping, API abuse, Grinch bots and distributed denial of service (DDoS), and APIs that pose a persistent business risk to retailers.
According to the report, nearly 40 per cent of the traffic to retailers’ websites last year came from a bot, not humans, that is, software applications controlled by operators that perform automated tasks, often with malicious intent. The infamous Grinch bot is notorious in the retail industry for hoarding inventory during the holiday shopping season, siphoning off coveted items and making it more difficult for consumers to buy gifts online.
Almost a quarter (23.7 per cent) of all traffic to retailers’ websites is the result of bad bots, malicious automation that contributes to online fraud, and the proportion of advanced bots (scripts that mimic human behavior and prevent them from being detected on retail websites rose from 23.4 per cent to 31.1 per cent last year. Without the proper defenses in place, advanced bots pose a significant challenge for organizations to combat.
Bot-related attacks on retail sites increased by 10 per cent in October and 34 per cent in November 2021, suggesting that bot operators are ramping up their nefarious efforts around peak shopping time. In 2021, 64 per cent of all ATO attacks used a sophisticated bad bot. 23 per cent of all login attempts on retail websites were malicious, almost twice as many as on websites in other industries. Attacks on retailers that contained login credentials used leaked credentials 95 per cent of the time, compared to 70 per cent of the time in other industries.
The sources for this piece include an article in InternetRetailing.