Black Friday, Cybersecurity, COVID: Ecommerce is Under Attack

December 15, 2020

  • COVID-19’s impact has driven consumers online in numbers never seen before.
  • A new report from Imperva warns that, while enjoying an extraordinary rise in sales, retailers should also prepare for a rise in cyber attack threats over the seasonal shopping period.
  • Investing in an integrated application security platform will help retailers better operate efficiently and securely throughout the holidays and beyond.


COVID-19 has exerted an enormous impact on the retail industry. With many stores closed, and large parts of the world’s population under some degree of lockdown, a desire for safety and convenience has increasingly driven shoppers online. US consumers spent almost $500 billion online by August, with sales exceeding $2 billion on 130 different days. Sales only reached that level on two days in 2019.


While this is undeniably good news for retailers, enthusiasm has been tempered by a corresponding increase in the volume of cyber attacks on e-commerce sites. The graph below shows the Cyber Threat Index (CTI)* for the retail sector rising sharply around the beginning of global lockdown measures at the end of March and the corresponding growth in online shopping. In fact, you can see how it quickly surpasses the peak of 2019’s Black Friday and Cyber Monday weekend.


Imperva December Blog Image


Retailers should, therefore, be ultra-vigilant. The holiday shopping season is well under way, and the level of cyber threat facing e-commerce sites is already higher than last year’s seasonal peak. Who knows just how high it’ll reach throughout the rest of the holiday period?



Concerning cyber attack trends

The State of Security Within e-Commerce,” a new report highlighting the cybersecurity attack risks faced by the retail industry amid this unprecedented volume of web traffic, employs data from a wide variety of sources. It catalogues the types of attacks observed up to September 30 and examines where they came from and how they were delivered.


Among its findings, the report details several cyber attack trends of concern, including:


  • Bad bots are the biggest abusers - Malicious automated attacks - or bots - are a top threat to online retailers, a trend that remains consistent since before the arrival of COVID-19. In fact, almost three-quarters of the attacks detailed in the report originate from automated bot activity. Simple bots connecting to a single IP address were used in the majority of these, while the United States, Russia and Ukraine were identified as the leading sources of attacks. Furthermore, the report reveals how rival retailers are increasingly deploying bots for price scraping and inventory trackers to keep an eye on their competitors’ activity.
  • Web attacks on the rise - Cyber attacks targeting websites reached record levels in 2020, with the three most popular techniques being remote code execution (RCE), data leakage and cross-site scripting (XSS). Half of the attacks performed over the course of the year were carried out against retail sites hosted in the US by attackers using anonymity frameworks, a commonly used means of concealing a bad actor’s identity from its target.
  • API attacks above average - The volume of attacks on retailer APIs far exceeded average levels this year, with the sensitive payment data they retain making them an especially attractive target for cybercriminals. According to the report’s findings, the leading vectors for retail API attacks in 2020 were XSS and SQL injection.
  • Rise in number and size of DDoS attacks - Researchers saw an increase in the volume and intensity of DDoS attacks throughout 2020, recording an average of eight application layer DDoS attacks a month against retail sites. A significant peak occurred in April as demand for online shopping grew as a result of pandemic-related stay-at-home orders.
  • Retail is a prime target for account takeover (ATO) - Online retailers experienced more than twice as many ATO attempts as any other industry this year, with criminals largely using leaked credentials to defraud retail targets due to their guaranteed higher success rate.
  • Retailers vulnerable to client-side attacks - Many online retail sites are built on CMS frameworks with a plethora of third-party plug-ins. On average, 31 JavaScript resources are used per site, making retailers vulnerable to forms of supply chain fraud such as formjacking, data-skimming and Magecart attacks.



Providing protection against attacks

The holiday shopping season is traditionally a crucial revenue period for retailers. The National Retail Federation forecasts that holiday sales in 2020 will increase by up to 5.2 percent over last year. On the flip side, though, retailers have been tasked with tackling a historically high level of both human and attack traffic to their sites.


The myriad complex cybersecurity threats are compounded by the impact of the pandemic. Managing a stack of point solutions to address each of these unique risks can be challenging for lean security teams. By investing in an integrated application security platform (which provides protection against the leading attacks and optimizes web performance) retailers will be better able to operate efficiently and securely throughout the holidays and beyond.


For more details on the types of threats faced by online retailers in 2020, and what they can do to prepare for them, you can download The State of Security within E-commerce report here.


* Calculated using data gathered from sensors across the world, the Cyber Threat Index is a continuous measurement and analysis of the global threat landscape.

Edward Roberts
Director Marketing Strategy Application Security | Imperva
Prior to Imperva Roberts led marketing at Distil Networks and has over twenty years of experience in technology marketing. Previously he worked for Juniper Networks, heading up Product Marketing for the Counter Security team. Before that he ran marketing for Mykonos Software, a web security company.