CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
Cyber Security · News

62% of Security Incidents on eCommerce Retailers Originate from Bots, Including Account Takeover, DDoS and API Attacks

Alicia Hope · November 11, 2022

Imperva’s The State of Security Within eCommerce 2022 report found that bots were responsible for most security incidents at eCommerce retailers, including automated account takeover attacks.

According to the report, 40% of traffic on retail websites came from bots programmed to perform automated actions, often with malicious intent. In turn, 62% of attacks on retailers’ websites originated from automated scripts, compared to 28% in other industries. These include Grinch bots hoarding high-demand items and bad bots attacking retailers’ websites, applications, and APIs.

Imperva found that account takeover, credit card fraud, web scraping, API abuse, Grinch bots, and DDoS attacks all posed a significant challenge for eCommerce retailers, threatening online sales and customer satisfaction.

Bot traffic threatens eCommerce retailers

Although the majority of traffic to online retailers’ sites and applications remained human, bot traffic increased significantly over the 12-month period.

While bad bot traffic remained roughly flat at 23.7% of total traffic, good bot traffic rose to 16.6%, bringing total automated traffic to 40.3%.

Surprisingly, the volume of malicious bot traffic on eCommerce retailers’ websites was below the cross-industry average of 30.7%, but its level of sophistication was above average. Over 12 months, the share of advanced bad bots on retail websites rose from 23.4% to 31.1%, against a cross-industry average of 22.1%.

Although good bots are not malicious, the researchers warned that they still pose a risk by skewing analytics and hampering conversion rates. Similarly, a low volume of bad bot traffic does not mean reduced risk, since sophisticated bots can achieve their goals with fewer requests.

“They often choose ‘low and slow’ tactics, which enable them to carry out significant attacks using fewer requests and even delay requests, allowing them to not stand out from the normal traffic patterns and avoid triggering rate-based security detection thresholds,” the report stated.

According to the researchers, bot operators went to great lengths to cover their tracks with a variety of evasion tactics: they mimicked human behavior and leveraged anonymity frameworks such as anonymous proxies and Tor to avoid identification.

During the observation period, the share of anonymized attacks rose from 3.5% to 33% within a year. So while the volume of bad bot traffic on retail websites stayed constant in 2021, it was more destructive and harder to detect and block than a year earlier.

eCommerce retailers experience more account takeover attacks

Account takeover (ATO) attacks involve cybercriminals using stolen username and password pairs to compromise online accounts. These attacks may also involve creating fake accounts with stolen credentials.

According to Imperva’s State of Security report, ATO attacks disproportionately target eCommerce retailers. Malicious account takeover attempts made up 22.6% of login attempts on eCommerce retailers’ sites, nearly twice the general average (11.6%). Attackers used leaked credentials in 94.7% of credential-stuffing attacks against eCommerce retailers, compared to 69.6% in other industries. Sophisticated bots were also widespread in account takeover attacks, with threat actors deploying advanced bad bots in 64.1% of ATO attacks.
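The report’s two observations above, that credential-stuffing bots prefer “low and slow” request patterns to stay under rate-based thresholds and that they run leaked credentials against many accounts, can be checked against a login log directly. The following is an added example (not code from Imperva or from CPO Magazine) that runs a classic per-IP rate rule and a longer-horizon behavioural rule over a constructed set of login events. The log format (`<unix_ts> <client_ip> <username> <ok|fail>`), the IP addresses, and the thresholds are assumptions for illustration; the point it shows is that a bot pacing one attempt every two minutes never trips the rate rule but is obvious once you count distinct usernames and failure ratio per source over the whole day.

```python
"""Credential-stuffing detection over login events: a rate-based rule
versus a long-window behavioural rule (constructed example)."""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class IpStats:
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)


def parse_line(line: str):
    """Parse '<unix_ts> <client_ip> <username> <ok|fail>' (hypothetical format)."""
    ts, ip, user, result = line.split()
    return int(ts), ip, user, result == "ok"


def rate_based_alerts(events, window_s=60, max_attempts=10):
    """Classic rate limit: flag an IP with more than max_attempts inside any
    window_s-second sliding window. This is the threshold a 'low and slow'
    bot deliberately stays under."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, ip, _user, _ok in sorted(events):
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - window_s:  # drop timestamps outside the window
            q.popleft()
        if len(q) > max_attempts:
            flagged.add(ip)
    return flagged


def behavioural_alerts(events, min_users=20, min_fail_ratio=0.9):
    """Long-horizon rule over the whole slice of events handed in (e.g. 24 h):
    flag an IP that tried many distinct usernames and almost always failed,
    regardless of how slowly the attempts were spaced out."""
    stats = defaultdict(IpStats)
    for _ts, ip, user, ok in events:
        s = stats[ip]
        s.attempts += 1
        s.failures += 0 if ok else 1
        s.users.add(user)
    return {
        ip for ip, s in stats.items()
        if len(s.users) >= min_users and s.failures / s.attempts >= min_fail_ratio
    }


def constructed_log():
    """Constructed sample: one legitimate user, one bursty bot, one low-and-slow bot.
    IPs are RFC 5737 documentation addresses, not real sources."""
    t0 = 1_668_124_800  # 2022-11-11 00:00:00 UTC
    lines = [
        f"{t0 + 60} 203.0.113.10 alice fail",       # a typo ...
        f"{t0 + 90} 203.0.113.10 alice ok",         # ... then a real login
        f"{t0 + 6 * 3600} 203.0.113.10 alice ok",
    ]
    # bursty credential stuffing: 30 usernames in 30 seconds, all failures
    lines += [f"{t0 + 3600 + i} 198.51.100.7 user{i:03d} fail" for i in range(30)]
    # low and slow: one attempt every 2 minutes against 40 usernames, one hit
    lines += [
        f"{t0 + 7200 + 120 * i} 198.51.100.8 user{100 + i:03d} {'ok' if i == 17 else 'fail'}"
        for i in range(40)
    ]
    return lines


def run(lines):
    """Return (rate_flagged_ips, behaviour_flagged_ips) for a list of log lines."""
    events = [parse_line(line) for line in lines]
    return rate_based_alerts(events), behavioural_alerts(events)


if __name__ == "__main__":
    rate, behav = run(constructed_log())
    print("rate-based  :", sorted(rate))   # only the bursty bot
    print("behavioural :", sorted(behav))  # both bots
```

The rate rule flags only 198.51.100.7; the low-and-slow source 198.51.100.8 never exceeds one request per window. The behavioural rule catches both because it keys on what the report describes (many distinct accounts, nearly all failing) rather than on request rate. In production the same per-source aggregation should also be keyed on device or session fingerprint, since the report notes operators rotate through anonymous proxies and Tor to spread attempts across addresses.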

The end goal of these attacks is to steal saved credit card information, gift card balances, loyalty points, and other customer benefits. According to the researchers, account takeover attacks intensify during the holiday season and around other global events, such as the war in Ukraine.

Distributed denial of service (DDoS) attacks intensified across industries

Imperva’s threat research found that DDoS attacks in 2022 were larger and more powerful across all industries. Such attacks are launched from a botnet: a group of compromised Internet-connected devices controlled by a single threat actor.

According to Imperva, DDoS attacks are a persistent and critical threat for eCommerce retailers, whose online business depends on application performance and availability.

Imperva found that attacks exceeding 100 Gbps tripled, while those exceeding 500 Gbps increased by 287%. Additionally, 55% of applications hit by application-layer DDoS attacks, and 80% of those hit by network-layer DDoS attacks, were attacked more than once.

Imperva noted that the downtime caused by a DDoS attack can lead to disruption, reputational damage, and lost revenue for eCommerce retailers.

API abuse is a growing problem

Application programming interfaces (APIs) are the “connective tissue” that lets applications share data and consume and provide digital services. APIs accounted for 42% of online traffic to eCommerce retailers’ websites.

Additionally, 12% of API traffic is directed to endpoints with access to sensitive personal data, such as credentials and identification numbers.

The report also noted that 3-5% of API traffic flows to shadow APIs, whose existence security teams are unaware of and which they therefore cannot protect. Abuse of exposed or shadow APIs was an avenue for exfiltrating customer data and payment information.
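A practical first step against the shadow-API problem described above is to diff what the access log shows being served against what the documented inventory says exists. The following is an added example, not code from Imperva or from the article’s authors: it normalises request paths into route templates (numeric and UUID segments become `{id}`), compares them with an assumed set of documented routes of the kind an OpenAPI spec would list, and tags any undocumented route whose path suggests it handles personal or payment data. The documented route set, the log lines, the `/api/` prefix and the sensitivity heuristic are all constructed assumptions for illustration.

```python
"""Find undocumented ('shadow') API routes in an access log and flag the ones
that look like they touch sensitive data (constructed example)."""
import re
from collections import Counter

# Assumed inventory of documented routes, as an OpenAPI spec would list them.
DOCUMENTED = {
    ("GET", "/api/v1/products"),
    ("GET", "/api/v1/products/{id}"),
    ("POST", "/api/v1/cart"),
    ("POST", "/api/v1/auth/login"),
    ("GET", "/api/v1/users/{id}"),
}

# Heuristic: path segments that usually mean personal or payment data.
SENSITIVE = re.compile(r"/(users|accounts|cards|payments|giftcards|loyalty|auth)(/|$)")

# Common log format with a 3-digit status; extra fields after the status are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
ID_SEGMENT = re.compile(
    r"^(\d+|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$"
)


def normalise(path: str) -> str:
    """Strip the query string and collapse identifier segments to '{id}'."""
    path = path.split("?", 1)[0].rstrip("/") or "/"
    return "/".join("{id}" if ID_SEGMENT.match(seg) else seg for seg in path.split("/"))


def parse_access_log(lines):
    """Yield (ip, method, route_template, status); skip lines that do not parse."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], m["method"], normalise(m["path"]), int(m["status"])


def find_shadow_apis(lines, documented=DOCUMENTED, prefix="/api/"):
    """Return {(method, template): {'hits': n, 'sensitive': bool}} for routes that
    the server actually answered (2xx/3xx, or 401/403, which still prove the
    route exists) but that are missing from the documented inventory."""
    hits = Counter()
    for _ip, method, tmpl, status in parse_access_log(lines):
        served = status < 400 or status in (401, 403)
        if served and tmpl.startswith(prefix) and (method, tmpl) not in documented:
            hits[(method, tmpl)] += 1
    return {
        route: {"hits": n, "sensitive": bool(SENSITIVE.search(route[1]))}
        for route, n in hits.items()
    }


# Constructed log lines (documentation IP ranges, invented paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Nov/2022:10:00:01 +0000] "GET /api/v1/products/123 HTTP/1.1" 200',
    '203.0.113.5 - - [11/Nov/2022:10:00:02 +0000] "POST /api/v1/cart HTTP/1.1" 201',
    '203.0.113.9 - - [11/Nov/2022:10:00:05 +0000] "GET /api/v1/users/42/cards HTTP/1.1" 200',
    '203.0.113.9 - - [11/Nov/2022:10:00:06 +0000] "GET /api/v1/users/43/cards HTTP/1.1" 200',
    '203.0.113.9 - - [11/Nov/2022:10:00:07 +0000] "GET /api/v1/users/44/cards HTTP/1.1" 200',
    '198.51.100.2 - - [11/Nov/2022:10:00:09 +0000] "GET /api/internal/export?since=2022-11-01 HTTP/1.1" 200',
    '198.51.100.2 - - [11/Nov/2022:10:00:10 +0000] "GET /api/v2/giftcards/3f2a1b4c-9d8e-4f00-8a1b-2c3d4e5f6a7b HTTP/1.1" 200',
    '198.51.100.2 - - [11/Nov/2022:10:00:12 +0000] "GET /api/v1/admin HTTP/1.1" 404',
    '203.0.113.5 - - [11/Nov/2022:10:00:15 +0000] "GET /static/app.js HTTP/1.1" 200',
]

if __name__ == "__main__":
    for (method, tmpl), info in sorted(find_shadow_apis(SAMPLE_LOG).items()):
        flag = "SENSITIVE" if info["sensitive"] else ""
        print(f"{method:5} {tmpl:40} hits={info['hits']} {flag}")
```

On the sample log this surfaces three undocumented routes: `GET /api/v1/users/{id}/cards` (three hits, flagged sensitive, and also a candidate for the per-user enumeration the ATO section describes), `GET /api/v2/giftcards/{id}` (flagged sensitive) and `GET /api/internal/export`. The 404 on `/api/v1/admin` is excluded because the server did not serve it, so it is probe noise rather than a shadow route. Run against real logs, the inventory should come from the actual spec or gateway config, and the sensitivity list should be tuned to the application’s own naming.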

Imperva found that API abuse rose by 35% between September and October 2021 and then spiked by a further 22% in November, above the already elevated level of the previous months. These observations suggest that bots are most active during the peak holiday shopping season, and the report expects 2022 to be no different.

Imperva advised eCommerce retailers to prepare for high traffic and DDoS attacks during the peak holiday season and to expect bots to target their marketing campaigns. Other recommendations include protecting website functionality, taking inventory of client-side JavaScript and services, and staying ahead of scammers by warning customers about phishing attacks.


Tags: Account Takeover, API Attacks, DDoS Attack, eCommerce Retailers
Alicia Hope
Staff Correspondent at CPO Magazine
Alicia Hope has been a journalist for more than 5 years, reporting on technology, cyber security and data privacy news.
© 2024 Rezonen Pte. Ltd.