Business Wire

CA-IMPERVA

3.11.2022 13:02:06 CET | Business Wire | Press release

Share
Retailers Take Notice: Automated Threats Caused 62% of Security Incidents in the Past 12 Months

Imperva, Inc., (@Imperva) the cybersecurity leader whose mission is to help organizations protect their data and all paths to it, releases The State of Security Within eCommerce 2022 report, a 12-month analysis by Imperva Threat Research of cybersecurity threats targeting the retail industry. A range of automated threats -- from account takeover, credit card fraud, web scraping, API abuses, Grinch bots, and distributed denial of service (DDoS) attacks -- were a persistent challenge for the eCommerce industry, threatening online sales and customer satisfaction. The continued barrage of attacks on retailers’ websites, applications, and APIs throughout the calendar year, and during the peak holiday shopping season, is a continued business risk for the retail industry.

“The holiday shopping season is a critical period for the retail industry, and security threats could undermine retailers’ bottom line again in 2022,” says Lynn Marks, Senior Product Manager, Imperva. “This industry faces a variety of security risks, the majority of which are automated and operate around the clock. Retailers need a unified approach to stop these persistent attacks, one that focuses on the protection of data and is equipped to mitigate attacks quickly without disrupting shoppers.”

An Automated Adversary: Bad Bots & Online Fraud Plague Retail Sites

In the past 12 months, nearly 40% of traffic on retailers’ websites didn’t come from a human. Instead, it came from a bot, software applications controlled by operators that run automated tasks, often with malicious intent. In the retail industry, the infamous Grinch bot is notorious for inventory hoarding during the holiday shopping season, scooping up high-demand items and making it challenging for consumers to purchase gifts online.

Some of the key trends monitored by Imperva include:

  • Of all the traffic on retailers’ websites, nearly one-quarter (23.7%) was attributed specifically to bad bots, malicious automation that contributes to online fraud. The proportion of advanced bots -- scripts that use the latest evasion techniques to mimic human behavior and avoid detection -- on retail sites grew over the prior year (from 23.4% to 31.1%). Advanced bots are a considerable challenge for organizations to stop without the right defenses in place.
  • In 2021, bot-related attacks on retail sites grew 10% in October and grew another 34% in November, suggesting that bot operators increase their nefarious efforts around peak holiday shopping periods.
  • Account takeover (ATO) is another form of online fraud in which cybercriminals attempt to compromise online accounts by using stolen passwords and usernames. In 2021, 64.1% of ATO attacks used an advanced bad bot. Of all login attempts on retail websites, 22.6% were malicious, nearly twice the volume that was recorded on sites across other industries. Attackers used leaked credentials 94.7% of the time in credential stuffing attacks targeting retailers, compared to 69.6% of the time in other industries.

API Abuses and Attacks Multiply, Creating New Challenges for Retailers

APIs are the invisible connective tissue that enable applications to share data and invoke digital services. Analysis by Imperva Threat Research finds that traffic from an API accounts for 41.6% of all traffic to online retailers’ sites and applications. Of that, 12% of traffic directs to endpoints, like a database, where personal data is stored (e.g. credentials, identification numbers, etc.). More concerning, 3 - 5% of API traffic is directed to undocumented or Shadow APIs, endpoints that security teams don’t know exist or no longer protect.

Exposed or vulnerable APIs are a considerable threat for retailers because attackers can use the API as a pathway for exfiltrating customer data and payment information. API abuses are often carried out through automated attacks where a botnet floods the API with unwanted traffic, seeking vulnerable applications and unprotected data. In 2021, API attacks increased by 35% between September and October, and then spiked another 22% in November on top of the previous months’ elevated attack levels. This finding suggests that bad actors scale their efforts around the holiday shopping season as more data is exchanged between the APIs and applications that power eCommerce services.

Beware of Downtime: DDoS Attacks Continue to Threaten Retailers

A distributed denial of service (DDoS) attack is an automated threat that attempts to disrupt critical business operations by flooding the network or application infrastructure with malicious traffic. The attacks are often launched by a botnet, a group of compromised connected devices that are distributed across the Internet and operated by a single party.

Imperva Threat Research finds that DDoS attacks in 2022 are larger and stronger across all industries. The number of incidents recorded that were greater than 100 Gbps doubled, and attacks larger than 500 Gbps/0.5 Tbps increased 287%. What’s more, those targeted by an attack are often attacked again within 24 hours. In fact, 55% of websites hit by an application layer DDoS and 80% hit by a network layer DDoS were attacked multiple times.

A DDoS attack is a nonstop threat for retailers. The downtime caused by a DDoS attack can lead to site disruption, reputational damage, and revenue loss. A DDoS is a critical threat to online retailers that rely on application performance and availability to enable digital storefronts.

Additional Information:

About Imperva:

Imperva is the comprehensive digital security leader on a mission to help organizations protect their data and all paths to it. Only Imperva protects all digital experiences, from business logic to APIs, microservices, and the data layer, and from vulnerable, legacy environments to cloud-first organizations. Customers around the world trust Imperva to protect their applications, data, and websites from cyber attacks. With an integrated approach combining edge, application security, and data security, Imperva protects companies ranging from cloud-native start-ups to global multi-nationals with hybrid infrastructure. Imperva Threat Research and our global intelligence community keep Imperva ahead of the threat landscape and seamlessly integrate the latest security, privacy, and compliance expertise into our solutions.

© 2022 Imperva, Inc. All rights reserved. Imperva is a registered trademark of Imperva, Inc.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

View source version on businesswire.com: https://www.businesswire.com/news/home/20221103005435/en/

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com
DK

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Incyte Data to Be Highlighted in Four Rapid Oral Presentations at the European Society for Medical Oncology (ESMO) Congress 2026 Support Efforts to Improve Outcomes in Difficult-to-Treat Cancers17.7.2026 19:10:00 CEST | Press release

Rapid oral presentations will highlight new Phase 1 data across Incyte’s solid tumor portfolioBoth INCB161734, an investigational, potent, selective and orally bioavailable KRAS G12D inhibitor, and INCA338901, a TGFβR2×PD-1 bispecific antibody, are being evaluated in ongoing Phase 3 programs as first-line treatments for patients with advanced pancreatic ductal adenocarcinoma (PDAC) and microsatellite stable (MSS) colorectal cancer, respectively Incyte (Nasdaq:INCY) today announced that it will highlight data from several programs in its oncology portfolio in six presentations at the European Society of Medical Oncology (ESMO) Congress 2026, being held October 23 - 27, 2026, in Madrid. “The data at ESMO will further illustrate Incyte’s commitment to advancing innovation for patients with cancer,” said Pablo J. Cagnoni, M.D., President, Incyte and Global Head of Research and Development. "Among the presentations are important updates from our KRAS G12D inhibitor in advanced pancreatic ca

STL Expands Its Optical Connectivity Portfolio in the US with the CONCAT Solution17.7.2026 14:24:00 CEST | Press release

STL Optical Connectivity NA, LLC, (STLOC), a U.S. subsidiary of STL (Sterlite Technologies Ltd.) [NSE: STLTECH], a leading connectivity solutions provider for AI-ready digital infrastructure, today announced that it launched its new advanced FTTH solution, CONCAT, after successfully completing field trials on the networks of one of the largest telecom service providers in the United States. Following successful field validation, CONCAT is now available to digital infrastructure providers seeking faster fiber rollouts with reduced deployment complexity and labor. It enables up to 71% in labor cost savings by eliminating most field splicing through factory-assembled, pre-connectorized fiber segments that deliver plug-and-play installation. CONCAT simplifies fiber deployment by shifting critical fiber preparation and termination into a controlled manufacturing environment ensuring consistent quality, faster installation, and lower operational risk in the field. CONCAT solution is ideal fo

Aqemia and Sanofi Expand Their Research Collaboration17.7.2026 12:30:00 CEST | Press release

A new target nomination and a milestone payment mark the next step of the multi-year partnership first announced in December 2023 Aqemia, the drug invention company combining generative AI and quantum-inspired physics to invent small molecule drugs, today announced the expansion of its multi-year research collaboration with the global pharmaceutical company, Sanofi. The expansion is marked by the nomination of a new therapeutic target and an additional payment. The collaboration, first announced in December 2023, makes Aqemia eligible to receive up to a total of $140 million in upfront and milestone payments across programs. It spans the drug discovery journey from the identification of the very first hits to the selection of a development candidate. Aqemia leverages Qemi, its proprietary physics-based generative AI platform, to design novel molecules addressing Sanofi’s targets of choice, working in close collaboration with Sanofi scientific teams. Sanofi leads wet lab research, devel

China's ~$900B Live-Commerce Market Now Approaches US E-Commerce Scale17.7.2026 12:30:00 CEST | Press release

The consumer habits reshaping global retail were built in the East — and most Western shoppers haven't yet adopted them. NIQ report shows that brands still treating live, social, and quick commerce as "emerging" risk being left behind. The center of gravity in global retail has shifted East. The formats now driving the fastest growth in global retail (live shopping, social commerce, and delivery in minutes) were pioneered and scaled in Asia, and most Western consumers have yet to adopt them. According to NIQ (NYSE: NIQ), a leading consumer intelligence company, in its global report The Commerce Revolution: Where East Meets West, the gap between East and West is still vast. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260717253489/en/ China´s USD 900bn live shopping boom now approaches the scale of the US E-commerce The scale is already substantial. China's live-commerce market alone was worth roughly $900 billion in 2025,

Ant International’s Alipay+ Connects Argentina's National QR Payment Scheme via PVS,Enabling for Cross-Border Digital Payment Nationwide at Millions of Merchants17.7.2026 12:17:00 CEST | Press release

Alipay+, a global digital payment gateway under Ant International, today announced that it will enable global travellers to make QR code payments at millions of merchants across Argentina through integration with the country's national QR payment scheme Transferencias 3.0, in partnership with PVS, a fintech company specialized in developing customized payment solutions in Latin America. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260717276406/en/ By connecting to Argentina's national QR payment scheme, Alipay+ now enables global travellers in the country to make convenient QR code payments at merchants nationwide. This service helps to enhance global travellers' travel experiences in Argentina, allowing them to pay seamlessly at restaurants, malls and tourist attractions. Using an Alipay+ partner payment app, they can now scan the national QR code displayed at all merchants to make cross-border payments across Argentina,

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye