As the holiday shopping season draws near, a new analysis by Imperva, a Thales company, reveals a significant uptick in AI-powered cyberattacks aimed at online retailers. This six-month report, covering the period from April to September 2024, indicates that retail websites are experiencing an alarming average of 569,884 AI-driven attacks daily, primarily fueled by advanced AI tools like ChatGPT, Claude, and Gemini, as well as specialized bots designed for data extraction to train Large Language Models (LLMs).
The study identifies business logic abuse as the most common type of AI attack, constituting 30.7% of the threats. Cybercriminals exploit legitimate application functionalities and APIs to engage in malicious activities, including price manipulation and discount code exploitation. To combat this, Imperva recommends that retailers implement rigorous user input validation and establish anomaly detection systems.
Distributed Denial of Service (DDoS) attacks follow closely behind, making up 30.6% of AI-driven threats. These attacks aim to overwhelm website resources, resulting in operational downtime, lost revenue, and damage to brand reputation. Imperva advocates for retailers to invest in machine learning-based DDoS protection solutions to effectively identify and filter out malicious traffic.
Additionally, bad bot attacks account for 20.8% of the threats targeting retailers. These bots are engaged in various malicious activities, such as scraping pricing data, credential stuffing, and hoarding inventory. The infamous ‘Grinch bot,’ known for its aggressive inventory hoarding during the holidays, is cited as a notable concern. To mitigate these risks, retailers are encouraged to adopt behavioral analytics as part of their bot management strategies.
API violations are also rising, representing 16.1% of AI-driven threats. As eCommerce platforms increasingly rely on APIs for mobile applications and third-party integrations, cybercriminals exploit these vulnerabilities to gain unauthorized access to sensitive data. Imperva emphasizes the need for stringent authentication protocols and comprehensive security assessments to protect APIs.
Nanhi Singh, General Manager of Application Security at Imperva, warns that while cybersecurity threats persist throughout the year, they become especially acute during the holiday season when retailers typically see a surge in sales. “Cybercriminals recognize this opportunity and are leveraging generative AI tools and LLMs to exploit the heightened volume of online transactions, enticing promotions, and customer account rewards like gift cards and loyalty points,” Singh explains.
He adds that past holiday seasons have seen security threats such as Grinch bots and DDoS attacks lead to significant disruptions for both retailers and consumers. “With the increasing accessibility of generative AI tools and LLMs, retailers are now facing a new wave of sophisticated cyber threats. Without robust defenses, they risk encountering a perfect storm of AI-driven attacks that could compromise operations, jeopardize customer data, and damage their reputations during this critical sales period,” Singh warns.
The report highlights the implications of these AI-driven threats not only for retailers but also for consumers, potentially leading to identity theft, financial losses, and a decline in trust towards eCommerce platforms. As cybercriminals continue to exploit these advanced technologies, the retail sector is urged to enhance its cybersecurity protocols to protect both business operations and customer information during the peak shopping season.
Related topics:
Unique Australian Christmas Traditions: A Warm-Weather Celebration
New Public Holiday Proposed to Celebrate Indigenous Culture in Victoria
Victoria Considers New Public Holiday to Honor Indigenous Cultures Amid Treaty Negotiations