Retailers facing more bot attacks than ever
Retailers are the most common credential stuffing attack victim
From May to December of last year, hackers directed credential abuse attempts at retail sites more than 10bn times according to new research from Akamai.
The firm's 2019 State of the Internet / Security: Retail Attacks and API Traffic report shed light on the fact that the retail industry was the most targeted segment by hackers while also highlighting the prevalence of API-call traffic on the web and the misrepresentation of Ipv6-based traffic.
Akamai studied the credential abuse technique known as credential stuffing for its report and examined how hackers have begun to employ botnets to steal login credentials from retail websites. These stolen credentials are used to compromise accounts from which hackers acquire retail merchandise and resell it for cash.
- Bots try to break the internet, and other trends for 2019
- Breaking the credential reuse cycle
- Half of malicious emails tied to credential phishing
According to the report, the AIO bots deployed by hackers are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques. For example, a single AIO bot can target over 120 retailers at the same time.
Credential abuse
Media and entertainment properties are notable credential abuse victims as well due to the highly valuable personal information these sites maintain. Since end users share their credit card information and demographic data when signing up for over-the-top (OTT) online streaming services, this data is particularly valuable to hackers who sell it on the black market.
Akamai also noted significant numbers of credential abuse attacks launched against financial services, hotel and travel and consumer goods sites.
Security Researcher and Editorial Director of the company's latest report, Martin McKeay explained why retail sites have become a high value target for hackers in a statement, saying:
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
"The techniques change, but the motivation remains the same: greed. Retailers remain on the front lines, because stolen merchandise sells quickly and at a premium. And for that reason, the data shows which merchandise is of the highest value: Apparel sites are targeted the most."
- We've also highlighted the best antivirus to help protect you from the latest cyber threats
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.