SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Increase in cyber attacks driven by online holiday shopping
Fri, 18th Mar 2022
FYI, this story is more than a year old

There has been an increase in cyber attacks driven by online holiday shopping, new research has found.

Akamai Technologies has released new data detailing the prevalence of malicious botnet attacks during the holiday season in Asia. That data found a 15% increase in cyberattacks in China over the Lunar New Year in February 2022, showing that cybercriminals are actively trying to take advantage of customers during high-traffic moments.

The uptick in attacks continues a trend that began with Singles Day, the Chinese eCommerce festival, in November 2021, during which botnet attacks tripled. Despite gradually declining after, attack traffic remained relatively high through the end of the year before peaking again with the buildup of retail traffic during the Lunar New Year. This year, the Lunar New Year coincided with the start of the 2022 Winter Olympics in Beijing, further boosting online sales and making the period more attractive for attackers.

Malicious actors operate year-round, but the high volume of traffic during holiday periods allows them to mask their attacks more easily. Additionally, customers are more likely to update their online shopping profiles with up-to-date credit card information and credentials during this period, providing a more lucrative target for attackers.

As traffic increases, attackers increase the volume of their attacks, which include scraping data, draining customer accounts, damaging site functionality and holding encrypted data ransom at massive cost to a business.

"Holidays represent a huge opportunity for attackers thanks to increased online activity and security teams stretched thin," says Dr Boaz Gelbord, senior vice president and chief security officer of Akamai Technologies.

"APAC presents a particularly enticing opportunity for successful cyberattacks because the sheer volume of traffic gives attackers the opportunity to gain foothold more easily and operate freely without timely mitigation," he says.

"Akamai works with customers to develop strategies that take into account complex attack patterns and behaviours of malicious bots during the holidays and beyond to protect brands and customer loyalty."

In Japan, Akamai research measured a 150% increase in malicious botnet activity in the Japanese retail sector around the Gregorian New Year in early January 2022. The attacks persisted for a number of weeks following the holiday in a nearly identical attack pattern to that observed in China.

While a similar surge occurs during the high-traffic seen at the end-of-year holidays in EMEA and the US China and Japan present a particularly enticing opportunity for successful cyberattacks because of the sheer volume in traffic: Retailers and eCommerce here serve some of the largest populations in the world.

Akamai researchers monitored and analysed underlying malicious botnets attack data throughout APAC during the holiday period, from late 2021 to early 2022. Akamai tracks benign and malicious bots as a proportion of internet traffic year-round to uncover patterns in botnet activity that can provide security teams with actionable data to incorporate into their defense.