In the “State of Security Within eCommerce” study carried out by Imperva Research Labs, it was found that more than half (57%) of cyber attacks on e-commerce websites were carried out by bots in 2021, compared to the mere 33% that other industries faced.
The study, based on a 12-month period, recorded spikes in web application attacks corresponding to times of high shopper activity. The attacks varied in scope with data leakage of consumers’ payment information topping the list at over 30% of all types of cyber attack, compared to the average of around 27% that occurred within other industries.
The report goes on to further state that monthly automatic bot attacks rose by 13% in 2021 compared to 2020, with sophisticated bad bots that are able to mimic human behaviour with a mouse rising also. With many e-commerce platforms only being able to employ simple means of defence against bot attacks, the rise of sophisticated bots has caused a rise in fraud and account takeover in the course of those 12 months.
Further threat to online retailers comes from a spike in Distributed Denial of Service (DDoS) attacks, with September 2021 recording an unprecedented 200% rise in cases of DDoS incidents across e-commerce platforms. This sharp increase is a unique case, and has been attributed to the “Meris” botnet that first targeted Russian companies in late August. According to analysis the DDoS attacks from this network are capable of generating 21.8 million requests per second. WIth DDoS causing disruption to platforms by flooding them with bot traffic and rendering real customers unable to use them, they are a thorn in the side of e-commerce platforms worldwide.
