CA-IMPERVA
3.11.2022 13:02:06 CET | Business Wire | Press release
Imperva, Inc., (@Imperva) the cybersecurity leader whose mission is to help organizations protect their data and all paths to it, releases The State of Security Within eCommerce 2022 report, a 12-month analysis by Imperva Threat Research of cybersecurity threats targeting the retail industry. A range of automated threats -- from account takeover, credit card fraud, web scraping, API abuses, Grinch bots, and distributed denial of service (DDoS) attacks -- were a persistent challenge for the eCommerce industry, threatening online sales and customer satisfaction. The continued barrage of attacks on retailers’ websites, applications, and APIs throughout the calendar year, and during the peak holiday shopping season, is a continued business risk for the retail industry.
“The holiday shopping season is a critical period for the retail industry, and security threats could undermine retailers’ bottom line again in 2022,” says Lynn Marks, Senior Product Manager, Imperva. “This industry faces a variety of security risks, the majority of which are automated and operate around the clock. Retailers need a unified approach to stop these persistent attacks, one that focuses on the protection of data and is equipped to mitigate attacks quickly without disrupting shoppers.”
An Automated Adversary: Bad Bots & Online Fraud Plague Retail Sites
In the past 12 months, nearly 40% of traffic on retailers’ websites didn’t come from a human. Instead, it came from a bot, software applications controlled by operators that run automated tasks, often with malicious intent. In the retail industry, the infamous Grinch bot is notorious for inventory hoarding during the holiday shopping season, scooping up high-demand items and making it challenging for consumers to purchase gifts online.
Some of the key trends monitored by Imperva include:
- Of all the traffic on retailers’ websites, nearly one-quarter (23.7%) was attributed specifically to bad bots, malicious automation that contributes to online fraud. The proportion of advanced bots -- scripts that use the latest evasion techniques to mimic human behavior and avoid detection -- on retail sites grew over the prior year (from 23.4% to 31.1%). Advanced bots are a considerable challenge for organizations to stop without the right defenses in place.
- In 2021, bot-related attacks on retail sites grew 10% in October and grew another 34% in November, suggesting that bot operators increase their nefarious efforts around peak holiday shopping periods.
- Account takeover (ATO) is another form of online fraud in which cybercriminals attempt to compromise online accounts by using stolen passwords and usernames. In 2021, 64.1% of ATO attacks used an advanced bad bot. Of all login attempts on retail websites, 22.6% were malicious, nearly twice the volume that was recorded on sites across other industries. Attackers used leaked credentials 94.7% of the time in credential stuffing attacks targeting retailers, compared to 69.6% of the time in other industries.
API Abuses and Attacks Multiply, Creating New Challenges for Retailers
APIs are the invisible connective tissue that enable applications to share data and invoke digital services. Analysis by Imperva Threat Research finds that traffic from an API accounts for 41.6% of all traffic to online retailers’ sites and applications. Of that, 12% of traffic directs to endpoints, like a database, where personal data is stored (e.g. credentials, identification numbers, etc.). More concerning, 3 - 5% of API traffic is directed to undocumented or Shadow APIs, endpoints that security teams don’t know exist or no longer protect.
Exposed or vulnerable APIs are a considerable threat for retailers because attackers can use the API as a pathway for exfiltrating customer data and payment information. API abuses are often carried out through automated attacks where a botnet floods the API with unwanted traffic, seeking vulnerable applications and unprotected data. In 2021, API attacks increased by 35% between September and October, and then spiked another 22% in November on top of the previous months’ elevated attack levels. This finding suggests that bad actors scale their efforts around the holiday shopping season as more data is exchanged between the APIs and applications that power eCommerce services.
Beware of Downtime: DDoS Attacks Continue to Threaten Retailers
A distributed denial of service (DDoS) attack is an automated threat that attempts to disrupt critical business operations by flooding the network or application infrastructure with malicious traffic. The attacks are often launched by a botnet, a group of compromised connected devices that are distributed across the Internet and operated by a single party.
Imperva Threat Research finds that DDoS attacks in 2022 are larger and stronger across all industries. The number of incidents recorded that were greater than 100 Gbps doubled, and attacks larger than 500 Gbps/0.5 Tbps increased 287%. What’s more, those targeted by an attack are often attacked again within 24 hours. In fact, 55% of websites hit by an application layer DDoS and 80% hit by a network layer DDoS were attacked multiple times.
A DDoS attack is a nonstop threat for retailers. The downtime caused by a DDoS attack can lead to site disruption, reputational damage, and revenue loss. A DDoS is a critical threat to online retailers that rely on application performance and availability to enable digital storefronts.
Additional Information:
- Download the The State of Security Within e-Commerce 2022 report
- Learn how Imperva products and solutions help retailers protect their applications, APIs, and data from security risks.
- See how bad bots create business disruption across different industries.
- Check out the Imperva Blog for the latest product and solution news, and threat intelligence from Imperva Threat Research.
About Imperva:
Imperva is the comprehensive digital security leader on a mission to help organizations protect their data and all paths to it. Only Imperva protects all digital experiences, from business logic to APIs, microservices, and the data layer, and from vulnerable, legacy environments to cloud-first organizations. Customers around the world trust Imperva to protect their applications, data, and websites from cyber attacks. With an integrated approach combining edge, application security, and data security, Imperva protects companies ranging from cloud-native start-ups to global multi-nationals with hybrid infrastructure. Imperva Threat Research and our global intelligence community keep Imperva ahead of the threat landscape and seamlessly integrate the latest security, privacy, and compliance expertise into our solutions.
© 2022 Imperva, Inc. All rights reserved. Imperva is a registered trademark of Imperva, Inc.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20221103005435/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Kioxia and Sandisk Begin Production of 10th-Generation 3D Flash Memory Products atKitakami Plant Fab23.7.2026 12:19:00 CEST | Press release
Companies Showcase Ongoing Buildout of Manufacturing Infrastructure at K2 to Address Growing Demand for NAND Flash Kioxia Corporation, a subsidiary of Kioxia Holdings Corporation (TOKYO: 285A) and Sandisk Corporation (Nasdaq: SNDK) today announced the start of production for their 10th-generation 3D Flash memory technology at Fab2 (K2) at the Kitakami Plant in Iwate Prefecture in Japan. The milestone comes as the companies continue to drive meaningful, multi-year bit growth to address the strong demand for their innovative flash memory technology. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260702296115/en/ Unveiling ceremony for the K2 facility In conjunction with the start of production, the companies held an unveiling ceremony for the K2 facility. Opening in September 2025, the facility has produced the companies’ 8th-generation 3D flash memory products and will begin to scale production with the introduction of their
VeriSilicon Introduces CPP2000 Camera Post-Processing IP for Embodied Robotics and Mobile Vision Applications3.7.2026 12:02:00 CEST | Press release
Enhancing image quality and visual perception for moving-camera systems VeriSilicon (688521.SH) today announced its high-performance CPP2000 Camera Post-Processing (CPP) IP, expanding the company’s Image Signal Processing (ISP) solutions with advanced post-processing capabilities. By improving image quality and visual perception in mobile imaging scenarios, CPP2000 enables more reliable vision performance in robotics, drones, and other mobile vision applications. CPP2000 integrates multiple image processing technologies and can further optimize YUV images output from image signal processors. The IP supports image and video processing at up to 8K resolution and offers multiple hardware configuration options to meet diverse requirements in Power, Performance, Area (PPA), and latency across different applications. CPP2000 leverages the combined operation of multiple image processing technologies, including motion-compensated temporal filtering, advanced spatial noise reduction, chroma adj
Messer Acquires Singapore-Based Industrial Gas Platform; Japan Corporate Advisory Institute Advises Sellers3.7.2026 11:11:00 CEST | Press release
Acquisition of WKS Group strengthens Messer’s Southeast Asia presence Messer, the world’s largest privately held specialist for industrial, medical, electronic and specialty gases, has acquired WKS Group, a Singapore-based industrial gas platform with operations across Singapore and southern Malaysia. Transaction terms were not disclosed. Messer reported consolidated sales of approximately EUR 4.5 billion for its 2025 financial year. Founded in Singapore in 1977, WKS Group comprises six companies and employs approximately 195 people across Singapore and southern Malaysia. The acquisition expands Messer’s operating footprint in Southeast Asia and strengthens its access to key industrial clusters across the region. “We are pleased to have completed this transaction with Messer, whose strategic vision makes them an excellent partner for WKS Group,” said Mr. Wong Koh Hoi, shareholder of WKS Group. “We appreciate JCAI’s professionalism and dedication throughout the process, and their expert
Access Advance Welcomes Meta Platforms, Inc. and Alibaba Group to the Video Distribution Patent Pool3.7.2026 01:00:00 CEST | Press release
Access Advance LLC today announced that Meta Platforms, Inc., one of the world's largest distributors of video content across its Facebook, Instagram, Threads, and WhatsApp services, has joined the Video Distribution Patent Pool (VDP Pool) as a Licensee. Meta also joined both the HEVC Advance and VVC Advance pools as a Licensee. Alibaba Group, whose video infrastructure spans a wide range of video-based services across e-commerce, entertainment, and digital media platforms, was also announced as a VDP Pool Licensee this week. Meta and Alibaba joining the VDP Pool further reinforces the program’s market leading position in resolving the licensing issues around the use of modern video codecs, including VP9, AV1, HEVC and VVC, across all the diverse business models of internet video streaming. "A significant U.S.-based company like Meta joining as a Licensee is a milestone moment for the content distribution business and the VDP Pool," said Peter Moller, CEO of Access Advance. "Meta reach
Kioxia Commences Sample Shipments of 10th-Generation BiCS FLASH™ Devices Delivering High Performance, High Capacity and Low Power Consumption3.7.2026 01:00:00 CEST | Press release
Production planned at Fab2 of Kitakami Plant Kioxia Corporation, a world leader in memory solutions, today announced that it has commenced sample shipments of 1Tb (terabit) Triple-Level-Cell (TLC) memory devices utilizing its 10th-generation BiCS FLASH™ 3D flash memory technology.1 These will be primarily integrated into the company’s enterprise and data center SSDs, strengthening Kioxia’s lineup to meet the growing demand for AI storage, which requires higher performance, higher capacity, and lower power consumption. These new products will be manufactured using state-of-the-art equipment at Kioxia’s Kitakami Plant Fab2 facility in Iwate Prefecture, Japan. By leveraging innovative CMOS directly Bonded to Array (CBA) technology2 and On-Pitch Select Gate Drain (OPS) technology,3 both adopted since the 8th-generation BiCS FLASH™, the 10th-generation technology achieves a NAND interface speed of 4.8 Gb/s,4 a 33% improvement over the 8th generation. Bit density has increased by 59% by stac
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
