40% of traffic to e-commerce sites comes from bots

November 10, 2022

The Imperva Threat Research State of Security Within eCommerce 2022 report identifies the cyber threats that online retailers face throughout the year, such as attacks on retailers’ websites, account takeover (ATO), credit card fraud, web scraping, API abuse, Grinch bots, distributed denial of service (DDoS), and APIs that pose a persistent business risk to retailers.

According to the report, nearly 40% of the traffic to retailers’ websites last year came from bots rather than humans, that is, from software applications controlled by operators that perform automated tasks, often with malicious intent. The Grinch bot is notorious in the retail industry for hoarding inventory during the holiday shopping season, siphoning off coveted items and making it more difficult for consumers to buy gifts online.

Almost a quarter (23.7%) of all traffic to retailers’ websites comes from bad bots, malicious automation that contributes to online fraud, and the proportion of advanced bots (scripts that mimic human behavior to avoid detection) on retail websites rose from 23.4% to 31.1% last year. Without the proper defenses in place, advanced bots pose a significant challenge for organizations to combat.

Bot-related attacks on retail sites increased by 10% in October and 34% in November 2021, suggesting that bot operators are ramping up their nefarious efforts around peak shopping time. In 2021, 64% of all ATO attacks used a sophisticated bad bot. 23% of all login attempts on retail websites were malicious, almost twice as many as on websites in other industries. Attacks on retailers that contained login credentials used leaked credentials 95% of the time, compared to 70% of the time in other industries.

The sources for this piece include an article in InternetRetailing.


Jim Love

Jim is an author and podcast host with over 40 years in technology.
