A range of cybersecurity threats — including account takeover (ATO), credit card fraud, web scraping, API abuses, Grinch bots, and distributed denial of service (DDoS) attacks — were a persistent challenge for the e-commerce industry throughout 2022, threatening online sales and customer satisfaction.

The State of Security Within eCommerce 2022 report, a 12-month analysis by Imperva Threat Research, identified cyber threats facing online retailers. The attacks on retailers’ websites, applications, and APIs throughout the calendar year and during the peak holiday shopping season is a continued business risk for the retail industry.

In the past 12 months, nearly 40% of traffic on retailers’ websites didn’t come from a human, the report found. Instead, it came from a bot, software applications controlled by operators that run automated tasks, often with malicious intent. In the retail industry, the infamous Grinch bot is notorious for inventory hoarding during the holiday shopping season, scooping up high-demand items and making it challenging for consumers to purchase gifts online.

Of all the traffic on retailers’ websites, nearly one-quarter (23.7%) was attributed specifically to bad bots, malicious automation that contributes to online fraud. The proportion of advanced bots — scripts that use the latest evasion techniques to mimic human behavior and avoid detection — on retail sites grew over the prior year (from 23.4% to 31.1%). Advanced bots are a considerable challenge for organizations to stop without the right defenses in place. 

In 2021, bot-related attacks on retail sites grew 10% in October and grew another 34% in November, suggesting that bot operators increase their nefarious efforts around peak holiday shopping periods. In 2021, 64% of ATO attacks used an advanced bad bot. Of all login attempts on retail websites, 23% were malicious, nearly twice the volume of recorded on sites across other industries. Attackers used leaked credentials 95% of the time in credential stuffing attacks targeting retailers, compared to 70% of the time in other industries.

For more report information, click here.