The eCommerce industry has gone through years worth of changes in a matter of just a mere couple of months as the global pandemic emerged back in March of 2020. These changes have led to skyrocketing growth for the industry, with sales predicted to hit $4.921 trillion by the end of this year.
And while we can’t yet talk of a post-pandemic era, as new cases and variants continue to hinder attempts of getting back to normal, we should instead investigate eCommerce amidst an ongoing pandemic.
One thing is clear, however, alongside growth comes an increased risk of cyber-attacks and fraudulent activity. Imperva Research Labs has published a new threat intelligence report – The State of Security Within eCommerce 2021 Report, summarizing a variety of cyber threat vectors affecting the industry. The report aims to provide online retailers with meaningful insights and guiding information ahead of the upcoming holiday shopping season.
What to expect
During the ongoing pandemic, consumer behavior has changed. As online shopping became more prevalent, shopping patterns became more sporadic. This meant that the 2020 holiday shopping was still targeted by cyber attacks, but these were also very much noticeable throughout the entire year. As things slowly return to some form of normal, the 2021 holiday shopping season is shaping up to be similar to those before the pandemic has hit in terms of traffic and threats.
Included amongst the threat vectors covered in this threat intelligence report are:
- Bad bots continue to be a nightmare for online retailers: Over half of all attacks targeting online retailers this year were carried out by bots. Bots have always been prevalent in online eCommerce, but the pandemic has made things much worse.
- Account takeover attacks: Also known as ATO, gaining illegal access to user accounts belonging to someone else has become even more prevalent throughout the ongoing pandemic. In fact, a third of all logins on online retailers this year have been account takeover attempts.
- DDoS attacks: According to Imperva Research Labs, online retailers have seen an average of about 14 DDoS incidents per month. Additionally, the rise of the ‘Meris’ botnet has brought about a significant spike in incidents during September, just ahead of the holiday shopping season.
- Client-side Attacks: Magecart attacks are a major cause of concern for online retailers. The abundance of JavaScript-based services used on online retail websites, 64 on average, as well as the amount of data passing through them, makes them an ideal target for attackers.
- Web Attacks: 2021 was characterized by more sporadic attack patterns, with timings that are less predictable than pre-pandemic. Compared to 2020, the peaks were actually higher.
- API Attacks: API attacks have been slightly less common in 2021 when compared to other industries or previous years. Yet, they remain an attractive target for attackers due to the sensitive payment data they hold.
Advanced threats call for advanced protection
As the popularity of online shopping continues to grow, it becomes even more lucrative for bad actors targeting online retailers. While the importance of investing in traditional security tools is indisputable, emerging threat vectors are taking center stage. From automated bot attacks to client-side and API attacks, retailers must stay one step ahead of attackers. Investing in an integrated platform like Imperva Application Security, which provides protection against the leading attacks and optimizes web performance, will help retailers operate efficiently and securely throughout the holidays and beyond.
For a full overview of the threats that targeted online retailers during 2021, as well as recommendations on how to prepare for the upcoming holiday shopping season, download The State of Security Within eCommerce 2021 Report here.
Try Imperva Application Security today, start your free trial now.
Try Imperva for Free
Protect your business for 30 days on Imperva.