Online trading under bot attack | Pentest7


The ongoing global pandemic has resulted in an increasing number of consumers shopping online. This year, revenue is expected to grow 16.8% to $4.921 trillion – an acceleration of four to six years, according to Adobe. E-commerce, which was threatened by cybercrime even before it grew, is now at even greater risk, as confirmed by Europol’s recent IOCTA report.

Website failures and online fraud pose challenges for online retailers

The recently published “State of Security within eCommerce 2021” report by Imperva also shows an increase in cybercrime in online retail. Retailers face a record shopping season as both traffic and cyber threats will increase. For retail, cybersecurity incidents mean lost sales and dissatisfied customers, regardless of whether they are website failures or online fraud. The global supply chains are also affected by the development. Empty shelves in the store or bought-up inventory could be the result. Individual traders may be forced to go out of business altogether.

The threat situation continues to worsen during the main season

Retail websites are preferred targets of cyber criminals because they store personal information on consumer credit cards, gift card balances, loyalty points, and the like. According to the Imperva report, online retailers face the following main threats, which hackers use illegally to gain access:

Bots are responsible for hostile account takeovers, credit card fraud, and the procurement of prices and content by competitors and third parties (price scraping). Compared to last year, bot attacks increased by 13% per month in 2021. More than half (57%) of the bot attacks were caused by online retailer websites – only 33% of other industries were affected.

One third (32.8%) of all login attempts on eCommerce websites are account takeovers. Put simply, taking over an account is identity theft, making it perhaps the most damaging of all bot attacks. Compared to the average volume of other industries (25.5%), the volume of ATOs in the retail industry is significantly higher.

Scalping is definitely not a new phenomenon. Price and product scalping has been used for years to secure a competitive advantage with limited editions. The bad news for retailers and consumers: the artificial shortage is expected to last well into 2022. That means buying a new game console or graphics processor will once again be an almost impossible task this holiday season.

  • Distributed Denial of Service (DDoS)

Already at the beginning of the Christmas shopping season, the Imperva research team noticed an increasing number of DDoS attacks, most of which occur at the application level (Layer 7). Layer 7 attacks are extremely effective because they consume both network and server resources. Over the course of the year, the retail sector recorded the third-highest monthly number of application-layer DDoS incidents, 14 on average, with the number of incidents increasing significantly in September in particular. Comparing August 2021 with September shows a 200% increase in attacks.

The Imperva Web Application Firewall (WAF) analyzed the traffic of more than 30 million web application attacks and trillions of HTTP requests. Retail websites were more affected by data leaks in 2021 (31.3 percent) than all other industries combined (26.9 percent). The trend in web application attacks differs significantly from that of previous years. Year-end attacks on eCommerce websites are unusually high and even exceed the trend line. The cause could be coveted Christmas gifts that are already being bought online in October.

“The 2021 Christmas shopping season is turning into a nightmare for retailers and consumers,” said Peter Klimek, Director of Technology, Office of the CTO, at Imperva. “As the global supply chain deteriorates, retailers will not only struggle to sell their products in the fourth quarter, but they will also face increased attacks from motivated cyber criminals seeking to capitalize on the chaos. The data from the Imperva Research Center underscores the need for retailers to invest in cybersecurity, which extends from the edge to applications and APIs to data. Only by protecting all ways to access the data can retailers truly protect their critical systems and the consumers who rely on them.”

Six tips for more cybersecurity in retail

Retailers need to be aware of the cybersecurity risks that come with shopping online, stay vigilant, and stay one step ahead of hackers. The following recommendations will help ensure safety for both the retailer and the customer.

  1. Advent season – high data traffic and DDoS attacks:

Attackers use the run-up to Christmas to launch DDoS attacks on online retailers, which leads to record-breaking data volumes. Regular stress tests ensure that retailers are protected from DDoS attacks on all web resources – even with high data volumes.

  2. Marketing campaigns not only attract customers, but also bots:

Last year almost the entire inventory of game consoles and graphics processors was bought out. Bots were to blame. Consumer anger and disappointment also targeted retailers. This can be remedied by bot management solutions that only allow legitimate customers to visit the website.

  3. Increase password security:

Safe online trading requires safe user accounts. Passwords should therefore contain a minimum number of characters, capital letters, numbers, symbols, etc. Multi-factor authentication (MFA) also makes unauthorized access to the account more difficult. After a violation, the user must be informed and asked to change the password.

  4. Protect existing and newly added website functions against bad bots:

Some website functions are very vulnerable to bad bots. The login functionality can lead to credential stuffing and credential cracking attacks. Checkout forms increase the risk of credit card fraud, and the website’s gift card functionality can be used for fraudulent purposes. Websites with the functions listed above should therefore be additionally protected by a bot defense solution.
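As an added illustration (not from the Imperva report or the original article), the two login attack patterns named above can be told apart in authentication logs: credential stuffing spreads failures across many usernames, credential cracking concentrates them on a few. The event format, thresholds and sample data are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample events (documentation IP ranges):
# each tuple is (source_ip, username, login_succeeded)
SAMPLE_EVENTS = (
    [("203.0.113.10", f"user{i}", False) for i in range(6)]
    + [("203.0.113.10", "user6", True)]
    + [("198.51.100.7", "alice", False)] * 8
    + [("192.0.2.44", "bob", False), ("192.0.2.44", "bob", False),
       ("192.0.2.44", "bob", True)]
)

def classify_sources(events, min_failures=5,
                     stuffing_ratio=0.8, cracking_ratio=0.2):
    """Label each source IP by the shape of its failed logins.

    The thresholds are illustrative assumptions, not vendor values.
    """
    failed = defaultdict(list)     # ip -> usernames of failed attempts
    succeeded = defaultdict(set)   # ip -> usernames that logged in
    for ip, user, ok in events:
        if ok:
            succeeded[ip].add(user)
        else:
            failed[ip].append(user)

    report = {}
    for ip, users in failed.items():
        if len(users) < min_failures:
            continue  # a few mistyped passwords, not an attack pattern
        # Share of distinct usernames among the failures from this source.
        ratio = len(set(users)) / len(users)
        if ratio >= stuffing_ratio:
            pattern = "credential-stuffing"
        elif ratio <= cracking_ratio:
            pattern = "credential-cracking"
        else:
            pattern = "mixed"
        report[ip] = {
            "pattern": pattern,
            "failures": len(users),
            # Successful logins from a flagged source are candidate
            # account takeovers: force a reset and notify the user.
            "review_accounts": sorted(succeeded[ip]),
        }
    return report
```
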

  5. Inventory of all client and server-side JavaScript-based services:

Hackers use high-volume websites, especially during busy periods, to extract sensitive information from website forms, such as registration and checkout. Special software solutions help to identify the compromised JavaScripts and to identify and evaluate the risks of every JavaScript-based service, as well as to block the execution of unauthorized services.
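A minimal form of such an inventory, as an added example that is not from the original article or any Imperva product: it lists every script a page loads and flags hosts outside an approved list and third-party scripts without Subresource Integrity. The sample page, host names and the `audit_scripts` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed checkout page; all host names are placeholders.
SAMPLE_PAGE = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.example.com/widget.js"></script>
<script src="https://unknown-analytics.example.net/t.js"></script>
<script>console.log("inline");</script>
</head></html>
"""

class ScriptInventory(HTMLParser):
    """Collect (src, integrity) for every <script> tag on the page."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self.scripts.append((a.get("src"), a.get("integrity")))

def audit_scripts(html, page_host, approved_hosts):
    """Return (script, finding) pairs that need review."""
    parser = ScriptInventory()
    parser.feed(html)
    findings = []
    for src, integrity in parser.scripts:
        if src is None:
            findings.append(("<inline>", "inline script: review manually"))
            continue
        # Relative URLs have no hostname and are served first-party.
        host = urlparse(src).hostname or page_host
        if host == page_host:
            continue
        if host not in approved_hosts:
            findings.append((src, "unapproved host"))
        elif not integrity:
            findings.append((src, "third-party script without SRI"))
    return findings
```

Running the audit on the registration and checkout pages after each release surfaces newly added third-party scripts before they reach peak-season traffic.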

  6. Always be one step ahead of hackers:

For hackers, Advent is the perfect time for phishing. The attackers pretend to be a trustworthy company and send fake emails on its behalf that offer malicious voucher links or gift cards. To counteract this, retailers need to alert their customers to suspicious phishing campaigns. In addition, possible phishing attacks on employees must be monitored, as they are the shortest route into the company.
