SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Bad Bots and DDoS fuel record cyber risk
Fri, 27th Nov 2020

Bad Bots and DDoS will fuel record cyber risk for the 2020 holiday shopping season, according to a new report from Imperva.

Imperva released the State of Security Within eCommerce, which illustrates the varying cybersecurity attack risks facing the retail industry and the impact the global pandemic had on the volume of attacks and web traffic.

The findings suggest peak levels of traffic will be seen throughout the holiday shopping season as a flood of consumers turn to online channels to purchase goods.

As detailed in the Imperva Cyber Threat Index -- a monthly measurement and analysis of the global cyber threat landscape across data and applications -- shortly after stay-at-home orders were issued, web traffic to retail sites spiked by as much as 28% over the weekly average, eclipsing the record peaks from the 2019 holiday shopping season.

Cybercriminals capitalised on the chaos and shift to a remote world by launching bad bot attacks and DDoS attacks with the goal of disrupting online activities. As retailers now prepare for a surge in online holiday shopping amid the on-going global pandemic, Imperva experts urge vigilance and preparedness on the part of online businesses.

The report details several concerning cyber attack trends:

  • Bad Bots abusing websites, mobile apps and APIs: Malicious automated attacks are a top threat to online retailers, a trend that has remained consistent before and during COVID-19. The large majority of the attacks (98.04%) on online retailers detailed in the report originate from automated bot activity. Simple bots account for the largest share (44.15%) of these attacks; they connect from a single, ISP-assigned IP address, which makes them the easiest class to identify and rate-limit. The leading sources for these attacks are the United States (30.93%), Russia (14.39%) and Ukraine (12.92%). Bots are also increasingly used as a competitive weapon by retailers who deploy them for price scraping and inventory tracking to keep an eye on their industry rivals.
  • API Attacks: The volume of attacks on retailers' APIs far exceeded average levels this year. The retail industry is an attractive target for cybercriminals because retailers hold sensitive payment data. According to Imperva researchers, the leading attack vectors for retail API attacks in 2020 are cross-site scripting (XSS) (42%) and SQL injection (40%).
  • Web Attacks: Cyber attacks targeting websites have already reached record levels so far in 2020. Imperva finds the three most common attacks to be remote code execution (RCE) (21%), data leakage (20%) and cross-site scripting (XSS) (16%). Nearly half of these attacks in the last 12 months (49%) were carried out against retail websites hosted in the U.S. by attackers using anonymity frameworks, a common method for concealing a bad actor's identity from the target.
  • DDoS Attacks: Imperva researchers have seen an increase in the volume and intensity of DDoS attacks throughout 2020. Imperva researchers monitored an average of eight application layer DDoS attacks a month against online retail sites, with a significant peak occurring in April 2020, as demand for online shopping grew because of pandemic-related stay-at-home orders.
  • Account Takeover (ATO) Attacks: Online retailers experienced more than twice as many ATO attempts as any other industry this year (Imperva gives the figure as 62%). Criminals use considerably more (79%) leaked credentials to defraud retail targets because credential stuffing with real leaked pairs typically yields a higher success rate, Imperva researchers find.
  • Client-Side Attacks: Many online retail sites are built on CMS frameworks with a plethora of third-party plugins. On average, 31 JavaScript resources are used per site, making retailers vulnerable to client-side supply chain attacks such as formjacking, data skimming and Magecart-style script injection.
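The client-side figure above (31 JavaScript resources per site) is only a risk if nobody knows which of those scripts are third-party and which of them load without an integrity check. The script below is an added example, not code from the report or from Imperva: it parses a page, inventories every `<script src>`, and flags third-party scripts that lack a Subresource Integrity `integrity` attribute, as well as those that carry `integrity` but omit `crossorigin` (browsers refuse to apply SRI to a cross-origin script fetched without CORS, so the script is blocked rather than verified). The HTML, the host names and the `sha384-...` digests are constructed placeholders.

```python
"""Inventory <script src> resources on a page and flag third-party scripts
that load without Subresource Integrity (SRI).

Added example for auditing the client-side attack surface described above;
the sample HTML, host names and digests are constructed placeholders.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a retail checkout page. The sha384 values are
# dummy placeholders, not real digests.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js"
        integrity="sha384-PLACEHOLDERDIGEST1" crossorigin="anonymous"></script>
<script src="//analytics.example.org/tag.js"></script>
<script src="https://pay.example.com/checkout.js"
        integrity="sha384-PLACEHOLDERDIGEST2"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
</head><body></body></html>
"""


class ScriptCollector(HTMLParser):
    """Collects the attribute dicts of every <script> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":          # HTMLParser lowercases tag names
            return
        attr_map = {k.lower(): (v or "") for k, v in attrs}
        if attr_map.get("src"):
            self.scripts.append(attr_map)


def is_third_party(src, first_party_host):
    """True when the script URL resolves to a host other than our own.

    Relative URLs ("/static/app.js") have no netloc and are first-party;
    protocol-relative URLs ("//cdn.example.net/x.js") are parsed as a netloc.
    """
    host = urlparse(src).netloc.lower()
    return bool(host) and host != first_party_host.lower()


def audit_scripts(html, first_party_host):
    """Return a summary of external script loads and their SRI coverage."""
    collector = ScriptCollector()
    collector.feed(html)

    report = {
        "total": len(collector.scripts),
        "third_party": 0,
        "missing_integrity": [],     # third-party, no SRI at all
        "missing_crossorigin": [],   # SRI present but unusable cross-origin
    }
    for attrs in collector.scripts:
        src = attrs["src"]
        if not is_third_party(src, first_party_host):
            continue
        report["third_party"] += 1
        if not attrs.get("integrity"):
            report["missing_integrity"].append(src)
        elif "crossorigin" not in attrs:
            report["missing_crossorigin"].append(src)
    return report


if __name__ == "__main__":
    result = audit_scripts(SAMPLE_HTML, "shop.example.com")
    print(f"{result['total']} external scripts, "
          f"{result['third_party']} third-party")
    for src in result["missing_integrity"]:
        print(f"  NO SRI:              {src}")
    for src in result["missing_crossorigin"]:
        print(f"  SRI w/o crossorigin: {src}")
```

Run against a saved copy of the real checkout page, the output is the list a security team needs for a CSP `script-src` allow-list and an SRI rollout; scripts that cannot be pinned (tag managers that rotate content) are the ones to move behind a first-party proxy or drop.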

“The holiday shopping season is a crucial revenue period for retailers every year, but in 2020, they face a two-pronged threat: managing unprecedented levels of human and attack traffic to their websites and APIs,” says Edward Roberts, application security strategist, Imperva.

"As COVID-19 reshuffled lives and daily habits, shoppers swarmed online retail sites at record levels," he says.

"Amid this historic holiday shopping season, the retail industry is likely to experience a peak in human traffic that exceeds anything measured this year and unlike anything in recent memory. The question is how many attackers are going to hide within this expected traffic spike?"

Roberts says Imperva's research shows that retailers face a myriad of complex cybersecurity threats, a situation that's been compounded by the global pandemic.

"However, managing a stack of point solutions to address each of these unique risks is a challenge for lean security teams. Instead, they should invest in an integrated platform, like Imperva Application Security, that provides protection against the leading attacks and optimises web performance, helping businesses operate more efficiently and securely."