CA-IMPERVA
Imperva, Inc., (@Imperva) the cybersecurity leader whose mission is to help organizations protect their data and all paths to it, releases The State of Security Within eCommerce 2022 report, a 12-month analysis by Imperva Threat Research of cybersecurity threats targeting the retail industry. A range of automated threats -- from account takeover, credit card fraud, web scraping, API abuses, Grinch bots, and distributed denial of service (DDoS) attacks -- were a persistent challenge for the eCommerce industry, threatening online sales and customer satisfaction. The continued barrage of attacks on retailers’ websites, applications, and APIs throughout the calendar year, and during the peak holiday shopping season, is a continued business risk for the retail industry.
“The holiday shopping season is a critical period for the retail industry, and security threats could undermine retailers’ bottom line again in 2022,” says Lynn Marks, Senior Product Manager, Imperva. “This industry faces a variety of security risks, the majority of which are automated and operate around the clock. Retailers need a unified approach to stop these persistent attacks, one that focuses on the protection of data and is equipped to mitigate attacks quickly without disrupting shoppers.”
An Automated Adversary: Bad Bots & Online Fraud Plague Retail Sites
In the past 12 months, nearly 40% of traffic on retailers’ websites didn’t come from a human. Instead, it came from a bot, software applications controlled by operators that run automated tasks, often with malicious intent. In the retail industry, the infamous Grinch bot is notorious for inventory hoarding during the holiday shopping season, scooping up high-demand items and making it challenging for consumers to purchase gifts online.
Some of the key trends monitored by Imperva include:
- Of all the traffic on retailers’ websites, nearly one-quarter (23.7%) was attributed specifically to bad bots, malicious automation that contributes to online fraud. The proportion of advanced bots -- scripts that use the latest evasion techniques to mimic human behavior and avoid detection -- on retail sites grew over the prior year (from 23.4% to 31.1%). Advanced bots are a considerable challenge for organizations to stop without the right defenses in place.
- In 2021, bot-related attacks on retail sites grew 10% in October and grew another 34% in November, suggesting that bot operators increase their nefarious efforts around peak holiday shopping periods.
- Account takeover (ATO) is another form of online fraud in which cybercriminals attempt to compromise online accounts by using stolen passwords and usernames. In 2021, 64.1% of ATO attacks used an advanced bad bot. Of all login attempts on retail websites, 22.6% were malicious, nearly twice the volume that was recorded on sites across other industries. Attackers used leaked credentials 94.7% of the time in credential stuffing attacks targeting retailers, compared to 69.6% of the time in other industries.
API Abuses and Attacks Multiply, Creating New Challenges for Retailers
APIs are the invisible connective tissue that enable applications to share data and invoke digital services. Analysis by Imperva Threat Research finds that traffic from an API accounts for 41.6% of all traffic to online retailers’ sites and applications. Of that, 12% of traffic directs to endpoints, like a database, where personal data is stored (e.g. credentials, identification numbers, etc.). More concerning, 3 - 5% of API traffic is directed to undocumented or Shadow APIs, endpoints that security teams don’t know exist or no longer protect.
Exposed or vulnerable APIs are a considerable threat for retailers because attackers can use the API as a pathway for exfiltrating customer data and payment information. API abuses are often carried out through automated attacks where a botnet floods the API with unwanted traffic, seeking vulnerable applications and unprotected data. In 2021, API attacks increased by 35% between September and October, and then spiked another 22% in November on top of the previous months’ elevated attack levels. This finding suggests that bad actors scale their efforts around the holiday shopping season as more data is exchanged between the APIs and applications that power eCommerce services.
Beware of Downtime: DDoS Attacks Continue to Threaten Retailers
A distributed denial of service (DDoS) attack is an automated threat that attempts to disrupt critical business operations by flooding the network or application infrastructure with malicious traffic. The attacks are often launched by a botnet, a group of compromised connected devices that are distributed across the Internet and operated by a single party.
Imperva Threat Research finds that DDoS attacks in 2022 are larger and stronger across all industries. The number of incidents recorded that were greater than 100 Gbps doubled, and attacks larger than 500 Gbps/0.5 Tbps increased 287%. What’s more, those targeted by an attack are often attacked again within 24 hours. In fact, 55% of websites hit by an application layer DDoS and 80% hit by a network layer DDoS were attacked multiple times.
A DDoS attack is a nonstop threat for retailers. The downtime caused by a DDoS attack can lead to site disruption, reputational damage, and revenue loss. A DDoS is a critical threat to online retailers that rely on application performance and availability to enable digital storefronts.
Additional Information:
- Download the The State of Security Within e-Commerce 2022 report
- Learn how Imperva products and solutions help retailers protect their applications, APIs, and data from security risks.
- See how bad bots create business disruption across different industries.
- Check out the Imperva Blog for the latest product and solution news, and threat intelligence from Imperva Threat Research.
About Imperva:
Imperva is the comprehensive digital security leader on a mission to help organizations protect their data and all paths to it. Only Imperva protects all digital experiences, from business logic to APIs, microservices, and the data layer, and from vulnerable, legacy environments to cloud-first organizations. Customers around the world trust Imperva to protect their applications, data, and websites from cyber attacks. With an integrated approach combining edge, application security, and data security, Imperva protects companies ranging from cloud-native start-ups to global multi-nationals with hybrid infrastructure. Imperva Threat Research and our global intelligence community keep Imperva ahead of the threat landscape and seamlessly integrate the latest security, privacy, and compliance expertise into our solutions.
© 2022 Imperva, Inc. All rights reserved. Imperva is a registered trademark of Imperva, Inc.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20221103005435/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Elegen and Nutcracker Therapeutics to Pilot First Fully Cell-Free Manufacturing Process for RNA-based Personalized Cancer Therapeutics11.7.2025 14:00:00 CEST | Press release
Fully cell-free process aims to further democratize personalized cancer therapeutic manufacturing with shorter turnaround times and negligible bioburden and endotoxin risks. Elegen, a global leader in next-generation DNA manufacturing, and Nutcracker Therapeutics, a global leader in next-generation RNA design and manufacturing, today announced the launch of a pilot program to demonstrate the industry’s first fully synthetic, cell-free manufacturing platform for RNA-based personalized cancer therapeutics (PCTs). The pilot marks another step toward making PCTs more accessible, timely, and scalable. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250711152688/en/ As late-stage PCT clinical trials progress and therapy developers work to create the next generation of PCTs, the speed, reliability, scaling and cost of traditional production methods pose a major challenge. Specifically, the first step of DNA template production is hi
$MBG Token Pre-Sale Set for July 15 — Only 7 Million Tokens Available at $0.3511.7.2025 10:17:00 CEST | Press release
MultiBank Group, the world’s largest financial derivatives institution headquartered in Dubai, has confirmed that its highly anticipated $MBG Token pre-sale will go live on July 15, with demand expected to be intense. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250711737311/en/ With only 7 million $MBG tokens up for grabs at an exclusive entry price of $0.35, this is a rare opportunity to secure early access to what many are calling the year’s most powerful utility asset. With only 7 million tokens up for grabs at an exclusive entry price of $0.35, this is a rare opportunity to secure early access to what many are calling the year’s most powerful utility asset. Early participants can join simultaneously on MultiBank.io, the Group’s regulated crypto exchange, and Uniswap, the world’s leading decentralized platform. Supported by $29 billion in real assets and powered by over $35 billion in daily turnover, $MBG is engineered
Live Story Raises €2.7 Million to Revolutionize the Digital Experience11.7.2025 10:05:00 CEST | Press release
With a round led by Vertis, the next-generation CMS platform accelerates its focus onAI, performance, and European expansion. Target: surpass €10M in recurring revenueby 2027. Live Story, the tech company founded by Stefano Mocellini, has closed a €2.7 million seed round led by Vertis, one of Italy’s leading early-growth venture capital firms. The funding will support the company’s international expansion and technological development, with a clear goal: to exceed €10 million in annual recurringrevenue by 2027. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250711335560/en/ “We invested in Live Story because it addresses one of the major inefficiencies in digital commerce: the slow and rigid management of visual and narrative content,” says Alessandro Pontari, Partner at Vertis SGR. “The platform helps brands drastically reduce their time-to-market through a visual CMS that integrates seamlessly with any tech stack. In a wor
With a Score of 84 out of 100, Sagemcom Is Awarded the EcoVadis Platinum Medal: a Prestigious Recognition of its CSR Commitment11.7.2025 09:00:00 CEST | Press release
Sagemcom Group is proud to announce that it has been awarded, for the third time, the Platinum Medal by EcoVadis, the highest distinction granted by the leading global platform for assessing Corporate Social Responsibility (CSR) performance. This medal places Sagemcom in the top 1% of companies evaluated worldwide, across all industries. With a score of 84 out of 100, Sagemcom reaffirms its position as a committed leader in ecological transition, business ethics, sustainable supply chain management, and social responsibility. “The EcoVadis Platinum Medal is more than just an award — it is the recognition of our collective efforts to embed sustainable development principles at the heart of our corporate strategy and culture,” says Sylvaine Couleur, Executive Vice President, CSR & Communication. “Achieving this level demonstrates that our commitments are tangible, impactful, and internationally recognized. This distinction strengthens our determination to further advance and expand our C
IEEE Standards Commitment to Advancing AI Governance Includes Impactful Contributions to New International AI Standards Exchange11.7.2025 08:00:00 CEST | Press release
IEEE, the world’s largest technical professional organization dedicated to advancing technology for humanity, and its IEEE Standards Association (IEEE SA) announced today that its portfolio of over 100 global AI-related standards is included in the new International AI Standards Exchange. This Exchange is a centralized repository of international AI standards with the aim to foster collaboration and responsible AI development worldwide. IEEE and its AI global standards were recognized in the 2024 United Nations AI Advisory Body’s Report, Governing AI for Humanity, which created the impetus for the AI Standards Exchange. Due to its impactful AI standards and related work, IEEE, a major standards body, was included as a partner in the establishment of the Exchange. IEEE President and CEO Kathleen Kramer, who is speaking at the AI for Good Summit this year at the High-Level AI Standards Panel,shares, “IEEE’s mission of advancing technology for the benefit of humanity is foundational to ou
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom