Retailers are facing more cyberattacks ahead of holiday shopping

Cybercriminals are out for blood as the holiday season approaches in the midst of an unprecedented global supply chain crisis. 

The stark warning comes as part of a new report from cybersecurity experts Imperva, which states that for some businesses, the disruptions may cause delayed shipments and, ultimately, empty shelves, which could force some firms to shut up shop altogether.

Retailers should be particularly wary of three types of attacks: those coming from automated bots, distributed denial of service (DDoS) attacks, and website attacks.

Bad bots

Bots can do all kinds of nasties, from price and content scraping, to scalping, to denial of inventory. This year, the volume of monthly bot attacks against retail websites is up 13% compared to the same period last year, Imperva said, adding that the majority (57%) of attacks recorded on e-commerce websites this year were carried out by bots.

Retail seems to be a particularly popular target for crooks, as bad bots made up just a third (33%) of total attacks on websites in all other industries this year.

To make matters even worse, the proportion of sophisticated bot attacks spiked 23.4% this year, as well.

DDoS spiking

DDoS attacks spiked 200% in September compared to the same period last year, fueled mostly by the rising threat of the Meris botnet. Over the course of the last 12 months, retail suffered the highest volume of layer 7 DDoS incidents per month of all industries.

Even though the intensity of the attacks was relatively low this year, averaging a maximum of 35,000 requests per second (RPS), the frequency was high. That suggests, Imperva believes, that the criminals were trying to be disruptive without being detected. Most of the application-layer DDoS attacks for the year (61.6%) were targeted against US-based retailers.

As for website attacks, in the first half of the year these were "notably higher" in the retail industry than in any other, Imperva says. A key characteristic, the report states, is "sporadic peaks".

“The 2021 holiday shopping season is shaping up to be a nightmare for both retailers and consumers,” says Peter Klimek, Director of Technology, Office of the CTO, Imperva. “With the global supply chain conditions worsening, retailers will not only struggle to get products to sell in Q4, but will face increased attacks from motivated cybercriminals who want to benefit from the chaos.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
