Bad Bots and DDoS fuel record cyber risk

27 Nov 2020
Shannon Williams

Bad Bots and DDoS will fuel record cyber risk for the 2020 holiday shopping season, according to a new report from Imperva. 

Imperva released the State of Security Within e-Commerce, which illustrates the varying cybersecurity attack risks facing the retail industry and the impact the global pandemic had on the volume of attacks and web traffic. 

The findings suggest peak levels of traffic will be seen throughout the holiday shopping season as a flood of consumers turn to online channels to purchase goods.

As detailed in the Imperva Cyber Threat Index -- a monthly measurement and analysis of the global cyber threat landscape across data and applications -- shortly after stay-at-home orders were issued, web traffic to retail sites spiked by as much as 28% over the weekly average, eclipsing the record peaks from the 2019 holiday shopping season. 

Cybercriminals capitalised on the chaos and shift to a remote world by launching bad bot attacks and DDoS attacks with the goal of disrupting online activities. As retailers now prepare for a surge in online holiday shopping amid the ongoing global pandemic, Imperva experts urge vigilance and preparedness on the part of online businesses.

The report details several concerning cyber attack trends:

  • Bad Bots abusing websites, mobile apps and APIs: Malicious automated attacks are a top threat to online retailers, a trend that has remained consistent before and during COVID-19. A majority of the attacks (98.04%) on online retailers detailed in the report originate from automated bot activity. Simple bots are used in the majority (44.15%) of these attacks and function by connecting to a single, ISP-assigned IP address. The leading sources for these attacks are the United States (30.93%), Russia (14.39%) and Ukraine (12.92%). Bots are also increasingly used as a competitive weapon by retailers who deploy bots for price scraping and inventory trackers to keep an eye on their industry rivals.
  • API Attacks: The volume of attacks on retailers’ APIs far exceeded average levels this year. The retail industry is an attractive target for cybercriminals because retailers retain sensitive payment data. According to Imperva researchers, the leading attack vectors for retail API attacks in 2020 are cross-site scripting (XSS) (42%) and SQL injection (40%).
  • Web Attacks: Cyber attacks targeting websites have already reached record levels so far in 2020. Imperva finds the three most common attacks to be remote code execution (RCE) (21%), data leakage (20%) and cross-site scripting (XSS) (16%). The vast majority of these attacks in the last 12 months (49%) were carried out against retail websites hosted in the U.S. by attackers using anonymity frameworks, a common method for concealing a bad actor’s identity from the target.  
  • DDoS Attacks: Imperva researchers have seen an increase in the volume and intensity of DDoS attacks throughout 2020. Imperva researchers monitored an average of eight application layer DDoS attacks a month against online retail sites, with a significant peak occurring in April 2020, as demand for online shopping grew because of pandemic-related stay-at-home orders.
  • Account Takeover (ATO) Attacks: Online retailers experienced more than twice (62%) as many ATO attempts as any other industry this year. Criminals use considerably more (79%) leaked credentials to defraud retail targets because doing so typically guarantees a higher success rate, Imperva researchers find.
  • Client-Side Attacks: Many online retail sites are built on CMS frameworks with a plethora of third-party plugins. On average, 31 JavaScript resources are used per site, making retailers vulnerable to forms of supply chain fraud such as formjacking, data-skimming and Magecart attacks.

“The holiday shopping season is a crucial revenue period for retailers every year, but in 2020, they face a two-pronged threat: managing unprecedented levels of human and attack traffic to their websites and APIs,” says Edward Roberts, application security strategist, Imperva. 

“As COVID reshuffled lives and daily habits, shoppers swarmed online retail sites at record levels,” he says.

“Amid this historic holiday shopping season, the retail industry is likely to experience a peak in human traffic that exceeds anything measured this year and unlike anything in recent memory. The question is how many attackers are going to hide within this expected traffic spike?”

Roberts says Imperva’s research shows that retailers face a myriad of complex cybersecurity threats, a situation that’s been compounded by the global pandemic. 

“However, managing a stack of point solutions to address each of these unique risks is a challenge for lean security teams. Instead, they should invest in an integrated platform, like Imperva Application Security, that provides protection against the leading attacks and optimises web performance, helping businesses operate more efficiently and securely.”
