As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain.
Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide. Data from the Imperva Threat Research team’s six-month analysis (April 2024 – September 2024) revealed that AI-driven threats need to be top of mind for retailers this year. As generative AI tools and large language models (LLMs) become more widespread and advanced, cybercriminals are increasingly leveraging these technologies to scale and refine their attacks on eCommerce platforms.
Imperva Threat Research also found that retail sites collectively experience an average of 569,884 AI-driven attacks each day. Understanding what types of threats are accounting for these attacks, and how to protect against them, is critical for retail businesses to protect their company and customers this holiday season.
Business Logic Abuse Leads the Way in AI Online Retail Threats
Business logic abuse was found to be the most common AI-driven attack on retail sites, accounting for 30.7% of all attacks. Business logic abuse occurs when cybercriminals exploit the intended functionality of an application to achieve unauthorized outcomes. For example, they may manipulate promotional codes or exploit return policies to obtain goods or services at a lower price. Imperva's findings indicate that nearly 50% of retailers have experienced some form of business logic abuse.
The danger of this threat is multiplied by AI’s ability to analyze patterns in user behavior and identify potential loopholes. As attackers use AI to devise more effective exploitation strategies, retailers must implement stringent controls to monitor and validate user actions on their platforms. Without these protective measures, businesses risk substantial financial losses and damage to their reputation.
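One way to monitor for the promotional-code and return-policy abuse described above, as an added example that is not from Imperva or the original article. The event fields, the code name `WELCOME20`, and the thresholds are assumptions, and the sample orders are constructed.

```python
from collections import defaultdict

# Constructed sample order events (not real data); field names are assumptions.
ORDERS = [
    {"account": "a1", "promo": "WELCOME20", "ship_to": "addr-17", "returned": False},
    {"account": "a2", "promo": "WELCOME20", "ship_to": "addr-17", "returned": False},
    {"account": "a3", "promo": "WELCOME20", "ship_to": "addr-17", "returned": True},
    {"account": "b1", "promo": "WELCOME20", "ship_to": "addr-42", "returned": False},
    {"account": "c1", "promo": None, "ship_to": "addr-90", "returned": True},
    {"account": "c1", "promo": None, "ship_to": "addr-90", "returned": True},
    {"account": "c1", "promo": None, "ship_to": "addr-90", "returned": True},
    {"account": "c1", "promo": None, "ship_to": "addr-90", "returned": False},
    {"account": "d1", "promo": None, "ship_to": "addr-55", "returned": True},
]

ONE_PER_HOUSEHOLD = {"WELCOME20"}  # hypothetical new-customer codes
MAX_RETURN_RATE = 0.5              # assumed policy threshold
MIN_ORDERS = 3                     # ignore accounts with too little history


def promo_reuse(orders):
    """Map (promo, ship_to) -> accounts when a one-per-household code was
    redeemed by more than one account shipping to the same address."""
    seen = defaultdict(set)
    for o in orders:
        if o["promo"] in ONE_PER_HOUSEHOLD:
            seen[(o["promo"], o["ship_to"])].add(o["account"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def heavy_returners(orders):
    """Map account -> return rate for accounts with enough order history
    whose share of returned orders exceeds the policy threshold."""
    totals = defaultdict(lambda: [0, 0])  # account -> [orders, returns]
    for o in orders:
        totals[o["account"]][0] += 1
        totals[o["account"]][1] += int(o["returned"])
    return {a: r / n for a, (n, r) in totals.items()
            if n >= MIN_ORDERS and r / n > MAX_RETURN_RATE}


if __name__ == "__main__":
    print("promo reuse:", promo_reuse(ORDERS))
    print("heavy returners:", heavy_returners(ORDERS))
```

Both checks only flag accounts for review; the same rules can be enforced at checkout by rejecting a redemption when the key is already present.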
DDoS Attacks Remain a Persistent Threat
Distributed Denial-of-Service (DDoS) attacks are nearly as common as business logic abuse, representing 30.6% of AI-driven threats to retailers — and they are becoming progressively more prominent. According to the Imperva 2024 DDoS Threat Landscape report, application-layer DDoS attacks on retail sites increased 61% since last year.
Application-layer DDoS attacks pose a serious threat to online retailers, especially as they prepare for increased traffic during the holiday shopping season. Cybercriminals can leverage AI to orchestrate complex DDoS attacks that overwhelm retail websites, making them inoperable.
The financial impact of a successful DDoS attack can be staggering, with businesses facing revenue loss, increased recovery costs, and potential long-term damage to their brand reputation. To combat this threat, retailers must invest in robust DDoS mitigation solutions that can identify and neutralize attacks before they disrupt operations.
Grinch Bots Continue to Wreak Havoc
Bad bots have become increasingly sophisticated, often employing AI algorithms to mimic human behavior and bypass security measures. Bad bot attacks made up 20.8% of all AI-driven attacks on retail sites. These automated threats are extremely disruptive to normal business functions, with the ability to scrape price data, launch credential stuffing attacks, and create fake accounts.
Around the holidays, retail businesses need to be particularly cautious of Grinch bots, sophisticated scalping bots that query online inventories and purchase the most sought-after items of the season in order to resell them at a significant markup. Grinch bots interfere with holiday sales and product launches, making it more challenging for consumers to buy popular, high-demand items.
The ability of AI to automate these processes means that bad bot attacks can scale quickly, making detection and mitigation more challenging. Retailers must enhance their bot detection capabilities to differentiate between genuine users and malicious bots. Failing to do so can result in lost sales, inventory issues, and a decline in customer satisfaction.
API Violations Emerge as a Growing Concern
As retailers increasingly rely on APIs to facilitate transactions and integrate third-party services, API violations have emerged as a pressing concern — accounting for 16.1% of AI-driven attacks on retailers. Cybercriminals can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data, often using AI to discover and exploit these weaknesses.
The retail industry experiences an average of 5,570 API attacks daily, with the majority being API violations. The potential consequences of API violations are severe, as they can lead to data breaches, financial fraud, and loss of customer trust. Retailers must prioritize API security by implementing strict access controls, conducting regular security audits, and using AI-driven monitoring solutions to detect anomalies in API usage.
Cybersecurity Tips to Stay Safe and Secure This Holiday Season
The holiday season presents both an opportunity and a danger for retail businesses: a chance to make the most of increased consumer spending, and a heightened risk of cyber threats. With the proliferation of AI tools, eCommerce businesses will encounter more advanced threats that exploit vulnerabilities and commit fraud with greater precision.
Retail businesses should follow these tips to protect their websites and customers:
By understanding the nature of AI-driven attacks and preparing for the challenges posed, retailers can better protect their operations and ensure a secure shopping experience for their customers. Continued vigilance and the adoption of advanced security technologies are crucial for keeping pace with evolving cybercriminal tactics and ensuring a safe holiday shopping season for both retailers and customers.
This article is a contributed piece from one of our valued partners.
Some parts of this article are sourced from:
thehackernews.com