Cybersecurity leader, Imperva has released its State of Security Within Ecommerce report, which suggests that the 2021 holiday shopping season will be further disrupted by cybercriminals looking to take advantage of the global supply chain crisis.

In the lead up to Black Friday and Cyber Monday, Imperva Research Labs has monitored a 20% increase in security incidents targeting the retail industry globally in the month of October. The incidents include attacks like account takeover, business logic manipulation by advanced bots, DDoS attacks, remote code executive and SQL injections.

Last year cybersecurity incidents in the Australian retail sector peaked from September 2020 through to January 2021, coinciding with the key holiday shopping season. While incidents did drop in February, they have remained higher than 2020 levels. To date, incidents are 12% higher this year compared to 2020 (comparing Jan-Sep 2020 to Jan-Sep 2021).

Increased levels of cybersecurity activity are a fundamental business risk for retailers from website outages to online fraud as security incidents lead to loss of sales and unhappy customers.

Malicious bots

Online retail remains a prime target for automated bot activity in 2021. Bots carry out an array of disruptive, and even malicious, activities on retail sites including price and content scraping, scalping, denial of inventory and other types of online fraud.

In 2021, the volume of monthly bot attacks on retail websites rose 13%, compared to the same months of the previous year. This underscores the growing threat retailers and consumers face from bad bot activity. Imperva Research Labs finds that a majority (57%) of attacks recorded on ecommerce websites this year were carried out by bots. In comparison, bad bots made up just 33% of the total attacks on websites in all other industries in 2021.

Bots were the top type of security incident in Australia in the past 12 months with Australia’s bot presence significantly higher than the global average (80% compared to 57% globally).

One specific type of fraud, account takeover, is a risk for consumers who have login accounts that store their credit card or payment information on ecommerce sites.

Distributed Denial of Service (DDoS) attacks

Imperva Research Labs is already seeing an uptick in DDoS attacks — spiking 200% in September 2021, compared to the month prior. Part of this uptick in activity is tied to the enormous Meris botnet that has impacted organisations globally.

Throughout the past 12 months, the retail industry experienced the highest volume of application layer (layer 7) DDoS incidents per month of all industries. Layer 7 attacks are highly effective because they consume both network and server resources. Defending against application layer attacks is difficult because it requires the ability to distinguish between attack traffic and normal traffic.

Website attacks

Attacks on retail industry websites from Q4 2020 through the first half of 2021 were notably higher than all other industries, characterised by more sporadic peaks in attacks. Retail sites experienced slightly higher volumes of Data Leakage attacks (31.3%) in 2021 compared to all industries (26.9%) as ecommerce sites are prime targets because they host shoppers’ payment information or loyalty reward points.

The top three web application attack attempts in the Australian retail sector in the past 12 months (Oct 2020 – Sep 2021) were Data Leakage (38%), Remote Code Execution (RCE) / Remote File Inclusion (RFI) (17%) and Cross Site Scripting (XSS) (16%).

The Australian retail industry saw a spike in RCE/RFI in November 2020 (28% above the average), coinciding with the Black Friday/Cyber Monday shopping period. It peaked again in March 2021 (43% above the monthly average).