CA-IMPERVA
3.11.2022 13:02:06 CET | Business Wire | Press release
Imperva, Inc., (@Imperva) the cybersecurity leader whose mission is to help organizations protect their data and all paths to it, releases The State of Security Within eCommerce 2022 report, a 12-month analysis by Imperva Threat Research of cybersecurity threats targeting the retail industry. A range of automated threats -- from account takeover, credit card fraud, web scraping, API abuses, Grinch bots, and distributed denial of service (DDoS) attacks -- were a persistent challenge for the eCommerce industry, threatening online sales and customer satisfaction. The continued barrage of attacks on retailers’ websites, applications, and APIs throughout the calendar year, and during the peak holiday shopping season, is a continued business risk for the retail industry.
“The holiday shopping season is a critical period for the retail industry, and security threats could undermine retailers’ bottom line again in 2022,” says Lynn Marks, Senior Product Manager, Imperva. “This industry faces a variety of security risks, the majority of which are automated and operate around the clock. Retailers need a unified approach to stop these persistent attacks, one that focuses on the protection of data and is equipped to mitigate attacks quickly without disrupting shoppers.”
An Automated Adversary: Bad Bots & Online Fraud Plague Retail Sites
In the past 12 months, nearly 40% of traffic on retailers’ websites didn’t come from a human. Instead, it came from a bot, software applications controlled by operators that run automated tasks, often with malicious intent. In the retail industry, the infamous Grinch bot is notorious for inventory hoarding during the holiday shopping season, scooping up high-demand items and making it challenging for consumers to purchase gifts online.
Some of the key trends monitored by Imperva include:
- Of all the traffic on retailers’ websites, nearly one-quarter (23.7%) was attributed specifically to bad bots, malicious automation that contributes to online fraud. The proportion of advanced bots -- scripts that use the latest evasion techniques to mimic human behavior and avoid detection -- on retail sites grew over the prior year (from 23.4% to 31.1%). Advanced bots are a considerable challenge for organizations to stop without the right defenses in place.
- In 2021, bot-related attacks on retail sites grew 10% in October and grew another 34% in November, suggesting that bot operators increase their nefarious efforts around peak holiday shopping periods.
- Account takeover (ATO) is another form of online fraud in which cybercriminals attempt to compromise online accounts by using stolen passwords and usernames. In 2021, 64.1% of ATO attacks used an advanced bad bot. Of all login attempts on retail websites, 22.6% were malicious, nearly twice the volume that was recorded on sites across other industries. Attackers used leaked credentials 94.7% of the time in credential stuffing attacks targeting retailers, compared to 69.6% of the time in other industries.
API Abuses and Attacks Multiply, Creating New Challenges for Retailers
APIs are the invisible connective tissue that enable applications to share data and invoke digital services. Analysis by Imperva Threat Research finds that traffic from an API accounts for 41.6% of all traffic to online retailers’ sites and applications. Of that, 12% of traffic directs to endpoints, like a database, where personal data is stored (e.g. credentials, identification numbers, etc.). More concerning, 3 - 5% of API traffic is directed to undocumented or Shadow APIs, endpoints that security teams don’t know exist or no longer protect.
Exposed or vulnerable APIs are a considerable threat for retailers because attackers can use the API as a pathway for exfiltrating customer data and payment information. API abuses are often carried out through automated attacks where a botnet floods the API with unwanted traffic, seeking vulnerable applications and unprotected data. In 2021, API attacks increased by 35% between September and October, and then spiked another 22% in November on top of the previous months’ elevated attack levels. This finding suggests that bad actors scale their efforts around the holiday shopping season as more data is exchanged between the APIs and applications that power eCommerce services.
Beware of Downtime: DDoS Attacks Continue to Threaten Retailers
A distributed denial of service (DDoS) attack is an automated threat that attempts to disrupt critical business operations by flooding the network or application infrastructure with malicious traffic. The attacks are often launched by a botnet, a group of compromised connected devices that are distributed across the Internet and operated by a single party.
Imperva Threat Research finds that DDoS attacks in 2022 are larger and stronger across all industries. The number of incidents recorded that were greater than 100 Gbps doubled, and attacks larger than 500 Gbps/0.5 Tbps increased 287%. What’s more, those targeted by an attack are often attacked again within 24 hours. In fact, 55% of websites hit by an application layer DDoS and 80% hit by a network layer DDoS were attacked multiple times.
A DDoS attack is a nonstop threat for retailers. The downtime caused by a DDoS attack can lead to site disruption, reputational damage, and revenue loss. A DDoS is a critical threat to online retailers that rely on application performance and availability to enable digital storefronts.
Additional Information:
- Download the The State of Security Within e-Commerce 2022 report
- Learn how Imperva products and solutions help retailers protect their applications, APIs, and data from security risks.
- See how bad bots create business disruption across different industries.
- Check out the Imperva Blog for the latest product and solution news, and threat intelligence from Imperva Threat Research.
About Imperva:
Imperva is the comprehensive digital security leader on a mission to help organizations protect their data and all paths to it. Only Imperva protects all digital experiences, from business logic to APIs, microservices, and the data layer, and from vulnerable, legacy environments to cloud-first organizations. Customers around the world trust Imperva to protect their applications, data, and websites from cyber attacks. With an integrated approach combining edge, application security, and data security, Imperva protects companies ranging from cloud-native start-ups to global multi-nationals with hybrid infrastructure. Imperva Threat Research and our global intelligence community keep Imperva ahead of the threat landscape and seamlessly integrate the latest security, privacy, and compliance expertise into our solutions.
© 2022 Imperva, Inc. All rights reserved. Imperva is a registered trademark of Imperva, Inc.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20221103005435/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
The Rock-It Company Expands to Abu Dhabi, Strengthening the Capital’s Position as a Global Hub for Luxury, Culture, and Major Events11.7.2026 18:12:00 CEST | Press release
The Rock-It Company (Rock-It), one of the world’s leading providers of specialist logistics for time-critical and high-value sectors across live events and luxury goods, has expanded its footprint in the UAE to Abu Dhabi, in partnership with the Abu Dhabi Investment Office (ADIO). The expansion in the region brings Rock-It’s portfolio of renowned brands to the UAE capital to support Abu Dhabi’s vision of becoming a world-leading destination for luxury experiences, cultural attractions, and global events, while reinforcing the emirate’s position as a regional re-export hub and advanced logistics base. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260710305177/en/ Through the collaboration, Rock-It seeks to develop world-class bonded storage and logistics facilities designed to serve the group’s five core end markets: sports, live entertainment, fine art, film & television, and luxury automotive. Once complete, Rock-It’s faci
L&T Technology Services Global EI Hackathon Sparks the Next Wave of AI-Native Engineering Solutions11.7.2026 13:35:00 CEST | Press release
Nearly 4,000 participants across 770+ teams from nine global locations became a part of the 24-hour innovation challenge L&T Technology Services (BSE: 540115, NSE: LTTS), a global leader in Engineering Intelligence Solutions & ER&D Consulting Services successfully concluded Engineering Intelligence (EI) OpenHack 2026, a first-of-its-kind global innovation challenge conducted simultaneously across nine locations spanning India, the U.S. and Europe. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260711573331/en/ LTTS Global EI OpenHack at the Munich office The hackathon brought together nearly 4,000 engineers (770+ teams) from Bengaluru, Mysuru, Chennai, Hyderabad, Pune, Vadodara, Mumbai, Dallas and Munich to tackle complex engineering challenges through AI-led innovation. More than 500 challenge statements were aligned with company’s strategic growth priorities, spanning Software Defined Mobility, Plant Buildout & Modernizati
Samos Energy Acquisition Corporation Announces Pricing of Initial Public Offering10.7.2026 15:32:00 CEST | Press release
Samos Energy Acquisition Corporation (the “Company”) announced today the pricing of its initial public offering (“IPO”) of 20,000,000 units at a price of $10.00 per unit. The units will be listed on the New York Stock Exchange (the “NYSE”) and trade under the ticker symbol “SAMO.U” beginning on July 10, 2026. Each unit consists of one Class A ordinary share and one-half of one redeemable warrant, with each whole warrant entitling the holder thereof to purchase one of the Company’s Class A ordinary shares at an exercise price of $11.50 per share. Once the securities comprising the units begin separate trading, the Class A ordinary shares and warrants are expected to be listed on the NYSE under the symbols “SAMO” and “SAMO.WS,” respectively. Cantor Fitzgerald & Co. is acting as the sole book running manager for the proposed offering. The Company has granted the underwriter a 45-day option to purchase up to an additional 3,000,000 units at the IPO price. The public offering is being made
Onera hPSG® Wins Prestigious Red Dot Product Design Award10.7.2026 15:00:00 CEST | Press release
Onera Health's patch-based home polysomnography solution, Onera hPSG®, was awarded the renowned ‘Red Dot Award: Product Design 2026’ in recognition of the sensors’ innovative design, advanced functionality, and user-centric engineering. Onera Health, a leader in transforming sleep medicine, announces that its innovative product, Onera hPSG®, has been honoured with the prestigious Red Dot Product Design Award for 2026. This international recognition celebrates exceptional design quality and underscores Onera Health's commitment to excellence, creativity, and patient-centric innovation. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260710266668/en/ Onera Health's patch-based home polysomnography solution, Onera hPSG®, wins Prestigious Red Dot Product Design Award 2026. The Red Dot Award, one of the most sought-after seals of quality for good design, attracted thousands of entries from around the globe. Onera hPSG® stood out f
teamLab Biovortex Kyoto Welcomes Over 1 Million Visitors within 9 Months of Opening10.7.2026 09:00:00 CEST | Press release
teamLab Biovortex Kyoto has welcomed over 1 million visitors as of July 6, 2026, 9 months after its grand opening. (*1) These visitors arrived from more than 150 countries and regions. International visitors account for approximately 42% of the total. Many of these international visitors travel from distant countries and regions, including the United States, Australia, Canada, the United Kingdom, and Germany. Approximately 30% of these international visitors purchase their tickets at least 30 days in advance. teamLab Biovortex Kyoto is teamLab's largest museum in Japan, with an average visitor stay of over two and a half hours. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260709913938/en/ teamLab Biovortex Kyoto Welcomes Over 1 Million Visitors within 9 Months of Opening *1 According to ticket purchase data from the official teamLab Biovortex Kyoto website (survey period: October 7, 2025 – July 6, 2026) Visitors Comment (M
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
