Retailers are facing more cyberattacks ahead of holiday shopping


Cybercriminals are out for blood as the holiday season approaches in the midst of an unprecedented global supply chain crisis. 

The stark warning comes as part of a new report from cybersecurity experts Imperva, which states that for some businesses, the disruptions may cause delayed shipments and, ultimately, empty shelves, which could force some firms to shut up shop altogether.

Retailers should be particularly wary of three types of attacks: those coming from automated bots, distributed denial of service attacks (DDoS), and website attacks.

Bad bots

Bots can do all kinds of nasties, from price and content scraping, to scalping, to denial of inventory. This year, the volume of monthly bot attacks against retail websites is up 13%, compared to the same period last year, Imperva said, adding that the majority (57%) of attacks recorded on e-commerce websites this year were carried out by bots. 

Retail seems to be a particularly popular target for crooks: across all other industries, bad bots made up just a third (33%) of total attacks on websites this year.

To make matters even worse, the proportion of sophisticated bot attacks spiked 23.4% this year, as well.

DDoS spiking

DDoS attacks spiked 200% in September, compared to the same period last year, fueled mostly by the rising threat of the Meris botnet. Over the course of the last 12 months, retail suffered the highest volume of layer 7 DDoS incidents per month, of all industries.

Even though the intensity of the attacks was relatively low this year, averaging a maximum of 35,000 requests per second (RPS), the frequency was high. That suggests, Imperva believes, that the criminals were trying to be disruptive without being detected. Most application-layer DDoS attacks for the year (61.6%) were targeted against US-based retailers.

As for website attacks, in the first half of the year these were "notably higher" in the retail industry than in any other, Imperva says. A key characteristic, the report states, is "sporadic peaks".

“The 2021 holiday shopping season is shaping up to be a nightmare for both retailers and consumers,” says Peter Klimek, Director of Technology, Office of the CTO, Imperva. “With the global supply chain conditions worsening, retailers will not only struggle to get products to sell in Q4, but will face increased attacks from motivated cybercriminals who want to benefit from the chaos.”


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.