Business Wire

CA-IMPERVA

Share
Retailers Take Notice: Automated Threats Caused 62% of Security Incidents in the Past 12 Months

Imperva, Inc., (@Imperva) the cybersecurity leader whose mission is to help organizations protect their data and all paths to it, releases The State of Security Within eCommerce 2022 report, a 12-month analysis by Imperva Threat Research of cybersecurity threats targeting the retail industry. A range of automated threats -- from account takeover, credit card fraud, web scraping, API abuses, Grinch bots, and distributed denial of service (DDoS) attacks -- were a persistent challenge for the eCommerce industry, threatening online sales and customer satisfaction. The continued barrage of attacks on retailers’ websites, applications, and APIs throughout the calendar year, and during the peak holiday shopping season, is a continued business risk for the retail industry.

“The holiday shopping season is a critical period for the retail industry, and security threats could undermine retailers’ bottom line again in 2022,” says Lynn Marks, Senior Product Manager, Imperva. “This industry faces a variety of security risks, the majority of which are automated and operate around the clock. Retailers need a unified approach to stop these persistent attacks, one that focuses on the protection of data and is equipped to mitigate attacks quickly without disrupting shoppers.”

An Automated Adversary: Bad Bots & Online Fraud Plague Retail Sites

In the past 12 months, nearly 40% of traffic on retailers’ websites didn’t come from a human. Instead, it came from a bot, software applications controlled by operators that run automated tasks, often with malicious intent. In the retail industry, the infamous Grinch bot is notorious for inventory hoarding during the holiday shopping season, scooping up high-demand items and making it challenging for consumers to purchase gifts online.

Some of the key trends monitored by Imperva include:

  • Of all the traffic on retailers’ websites, nearly one-quarter (23.7%) was attributed specifically to bad bots, malicious automation that contributes to online fraud. The proportion of advanced bots -- scripts that use the latest evasion techniques to mimic human behavior and avoid detection -- on retail sites grew over the prior year (from 23.4% to 31.1%). Advanced bots are a considerable challenge for organizations to stop without the right defenses in place.
  • In 2021, bot-related attacks on retail sites grew 10% in October and grew another 34% in November, suggesting that bot operators increase their nefarious efforts around peak holiday shopping periods.
  • Account takeover (ATO) is another form of online fraud in which cybercriminals attempt to compromise online accounts by using stolen passwords and usernames. In 2021, 64.1% of ATO attacks used an advanced bad bot. Of all login attempts on retail websites, 22.6% were malicious, nearly twice the volume that was recorded on sites across other industries. Attackers used leaked credentials 94.7% of the time in credential stuffing attacks targeting retailers, compared to 69.6% of the time in other industries.

API Abuses and Attacks Multiply, Creating New Challenges for Retailers

APIs are the invisible connective tissue that enable applications to share data and invoke digital services. Analysis by Imperva Threat Research finds that traffic from an API accounts for 41.6% of all traffic to online retailers’ sites and applications. Of that, 12% of traffic directs to endpoints, like a database, where personal data is stored (e.g. credentials, identification numbers, etc.). More concerning, 3 - 5% of API traffic is directed to undocumented or Shadow APIs, endpoints that security teams don’t know exist or no longer protect.

Exposed or vulnerable APIs are a considerable threat for retailers because attackers can use the API as a pathway for exfiltrating customer data and payment information. API abuses are often carried out through automated attacks where a botnet floods the API with unwanted traffic, seeking vulnerable applications and unprotected data. In 2021, API attacks increased by 35% between September and October, and then spiked another 22% in November on top of the previous months’ elevated attack levels. This finding suggests that bad actors scale their efforts around the holiday shopping season as more data is exchanged between the APIs and applications that power eCommerce services.

Beware of Downtime: DDoS Attacks Continue to Threaten Retailers

A distributed denial of service (DDoS) attack is an automated threat that attempts to disrupt critical business operations by flooding the network or application infrastructure with malicious traffic. The attacks are often launched by a botnet, a group of compromised connected devices that are distributed across the Internet and operated by a single party.

Imperva Threat Research finds that DDoS attacks in 2022 are larger and stronger across all industries. The number of incidents recorded that were greater than 100 Gbps doubled, and attacks larger than 500 Gbps/0.5 Tbps increased 287%. What’s more, those targeted by an attack are often attacked again within 24 hours. In fact, 55% of websites hit by an application layer DDoS and 80% hit by a network layer DDoS were attacked multiple times.

A DDoS attack is a nonstop threat for retailers. The downtime caused by a DDoS attack can lead to site disruption, reputational damage, and revenue loss. A DDoS is a critical threat to online retailers that rely on application performance and availability to enable digital storefronts.

Additional Information:

About Imperva:

Imperva is the comprehensive digital security leader on a mission to help organizations protect their data and all paths to it. Only Imperva protects all digital experiences, from business logic to APIs, microservices, and the data layer, and from vulnerable, legacy environments to cloud-first organizations. Customers around the world trust Imperva to protect their applications, data, and websites from cyber attacks. With an integrated approach combining edge, application security, and data security, Imperva protects companies ranging from cloud-native start-ups to global multi-nationals with hybrid infrastructure. Imperva Threat Research and our global intelligence community keep Imperva ahead of the threat landscape and seamlessly integrate the latest security, privacy, and compliance expertise into our solutions.

© 2022 Imperva, Inc. All rights reserved. Imperva is a registered trademark of Imperva, Inc.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

View source version on businesswire.com: https://www.businesswire.com/news/home/20221103005435/en/

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com
DK

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Perma-Pipe International Holdings, Inc. Announces Fourth Quarter and Fiscal 2024 Financial Results1.5.2025 22:24:00 CEST | Press release

The Company generated net sales of $45.0 million for the quarter and $158.4 million for the yearIncome before income taxes of $5.3 million for the quarter and $18.5 million for the yearBacklog of $138.1 million at January 31, 2025, compared to $68.5 million at January 31, 2024 Perma-Pipe International Holdings, Inc. (NASDAQ: PPIH) announced today financial results for the fourth quarter and 2024 fiscal year ended January 31, 2025. “Sales for the fourth quarter and full year 2024 show moderate growth and were $45.0 million and $158.4 million, resulting in increases of $4.8 million and $7.7 million, compared to the prior year. Income before taxes was $5.3 million and $18.5 million in the fourth quarter and for the full year 2024, which increased by $2.1 million and $8.6 million, compared to the prior year. This significant increase was a result of our focus on higher margin products and services that contributed to improved margin performance. Net income after taxes and minority interest

IFF Declares Dividend for Second Quarter 20251.5.2025 22:15:00 CEST | Press release

IFF (NYSE: IFF) announced that its Board of Directors has declared a regular quarterly cash dividend of $0.40 per share of its common stock, payable on July 11, 2025 to shareholders of record as of June 20, 2025. Welcome to IFF At IFF (NYSE: IFF), we make joy through science, creativity and heart. As the global leader in flavors, fragrances, food ingredients, health and biosciences, we deliver groundbreaking, sustainable innovations that elevate everyday products—advancing wellness, delighting the senses and enhancing the human experience.Learn more at iff.com, LinkedIn, Instagram and Facebook. © 2025 by International Flavors & Fragrances Inc. IFF is a Registered Trademark. All Rights Reserved. View source version on businesswire.com: https://www.businesswire.com/news/home/20250501776988/en/

Rimini Street Announces Fiscal First Quarter 2025 Financial and Operating Results1.5.2025 22:01:00 CEST | Press release

First Quarter Financial Highlights Include: Gross margin of 61.0% compared to 59.8% in the prior year Net Income of $3.4 million compared to $1.3 million in the prior year Billings of $79.4 million, up 7.2% year over year Adjusted EBITDA of $15.3 million compared to $10.7 million in the prior year Rimini Street, Inc. (Nasdaq: RMNI), a global provider of end-to-end enterprise software support and innovation solutions, and the leading third-party support provider for Oracle, SAP and VMware software, today announced results for the fiscal first quarter ended March 31, 2025. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250501664008/en/ Select First Quarter 2025 Financial Results Revenue was $104.2 million for the 2025 first quarter, a decrease of 2.4% compared to $106.7 million for the same period last year. U.S. revenue was $50.1 million for the 2025 first quarter, a decrease of 6.9% compared to $53.8 million for the same per

Textron Aviation Calls on Cessna, Beechcraft and Hawker Owners to Transport Athletes to the 2026 Special Olympics USA Games1.5.2025 17:31:00 CEST | Press release

Textron Aviation Inc., a Textron Inc. (NYSE:TXT) company, today announced the coordination of the ninth Special Olympics Airlift, a monumental event aimed at transporting hundreds of athletes and coaches across country to the 2026 Special Olympics USA Games in Minnesota’s Twin Cities. The company is calling on Cessna, Beechcraft and Hawker aircraft owners and operators to come together on Friday, June 19, 2026, and Saturday, June 27, 2026, to enable champions from all corners of the nation to travel to and from the host city, regardless of financial or logistical challenges. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250430812758/en/ Textron Aviation Inc. announced the coordination of the ninth Special Olympics Airlift, a monumental event aimed at transporting hundreds of athletes and coaches across country to the 2026 Special Olympics USA Games in Minnesota’s Twin Cities. (Photo credit: Textron Aviation) The Special Oly

Giovanni Brienza Appointed President of Frontline International1.5.2025 17:16:00 CEST | Press release

Longtime leader to guide day-to-day operations Frontline International, celebrating 25 years of innovation in commercial kitchen solutions, has appointed Giovanni Brienza as its new president. Founder John Palazzo will continue as CEO, focusing on strategic direction and long-term growth initiatives. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250501026483/en/ Giovanni Brienza, Frontline International President Frontline is a USA-based manufacturer of systems used globally by foodservice operations for safer, more sustainable fat, oil, and grease (FOG) management. The company’s automated solutions increase kitchen safety. Brienza, who joined Frontline in 2004, brings 21 years of operational expertise and engineering insight to his new role. He has been a key architect behind many of Frontline’s most impactful innovations, from equipment and software systems to strategically expanding the company’s footprint into key inter

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye