
AI-driven Attacks Targeting Retailers Ahead of the Holiday Shopping Season

21/10/2024


Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, warns that as generative AI tools and Large Language Models (LLMs) continue to proliferate and advance, cybercriminals are increasingly using these technologies to enhance the scale and sophistication of their attacks on eCommerce platforms.

With sales beginning as early as October and extending through late December, the holiday shopping season represents a critical time for online retailers. The surge in activity not only drives substantial revenue but also attracts malicious actors targeting retailers at a time when they can least afford downtime or a security incident. As this crucial period approaches, retailers must prepare for a range of AI-driven threats, including bots, distributed denial of service (DDoS) attacks, API violations, and business logic abuse.

"While cybersecurity threats are a concern year-round, they become even more pronounced during the holiday shopping season, when retailers often experience record-breaking sales," says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. Cybercriminals recognize this and are using generative AI tools and LLMs to capitalize on the increased volume of digital transactions, limited-time promotions, and the gift cards and loyalty points stored in customer accounts.

In a recent 6-month analysis (April 2024 - September 2024), data from Imperva Threat Research reveals that, on average, retail sites collectively experience 569,884 AI-driven attacks each day. These attacks originate from AI tools like ChatGPT, Claude, and Gemini, alongside specialized bots that are designed to scrape websites for LLM training data. An analysis of these attacks shows that cybercriminals are primarily using the AI tools to carry out the following types of attacks.

Business Logic Abuse: The most common AI-driven attack (30.7%), business logic abuse involves exploiting the legitimate functionalities of an application or API to carry out malicious actions, such as manipulating prices, bypassing authentication, or abusing discount codes. AI enables attackers to automate these exploits at scale, making them harder to detect. To protect against these attacks, retailers should implement strict validation on all user inputs, employ anomaly detection systems to identify unusual activities, and regularly audit their business processes to identify functionalities that could be abused.

DDoS Attacks: Representing 30.6% of all AI-driven threats to retailers, DDoS attacks aim to overwhelm a website's resources, resulting in downtime that can lead to lost sales and reputational damage, especially during peak shopping periods. Cybercriminals are now leveraging AI to coordinate large botnets more efficiently, enhancing the effectiveness of these attacks. Retailers should invest in a DDoS protection solution that utilizes machine learning to identify and mitigate malicious traffic in real time, ensuring that legitimate customers are not impacted.

Bad Bot Attacks: Attacks from bad bots account for 20.8% of AI-driven threats targeting retailers. These automated threats engage in disruptive activities such as scraping pricing data, credential stuffing, and inventory hoarding (scalping). The infamous Grinch bot, in particular, is notorious for its inventory hoarding during the holiday shopping season, making it increasingly difficult for consumers to purchase high-demand items. With advancements in AI, operators can now create bots that convincingly mimic human behavior, allowing them to evade traditional security measures. To combat this threat, retailers should implement bot management solutions that utilize behavioral analytics to differentiate between genuine users and sophisticated bots.



API Violations: As eCommerce platforms increasingly expose APIs for mobile applications and third-party integrations, API violations are on the rise, accounting for 16.1% of AI-driven attacks on retailers. Cybercriminals exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or functionality. With the assistance of AI, attackers can quickly identify weak points in API implementations, making these threats particularly challenging to mitigate. To safeguard their APIs, retailers should enforce strict authentication and authorization protocols, implement rate limiting to prevent abuse, and regularly conduct comprehensive security assessments and penetration testing.

These AI-driven attacks pose significant risks not only for retailers but also for consumers. Cybercriminals are leveraging AI to conduct bot attacks, abuse business logic, and disrupt systems, putting sensitive personal information (including credit card details, addresses, and account information) at increased risk. Successful attacks can lead to identity theft, financial loss, and a loss of trust in eCommerce platforms, with fraudulent charges and unauthorized account access negatively affecting consumers' shopping experiences.

"In previous years, we've seen security threats like Grinch bots and DDoS attacks cause major disruptions during the holiday shopping season, affecting both retailers and consumers alike. Now, with the widespread availability of generative AI tools and LLMs, retailers are contending with a new wave of sophisticated cyberthreats," adds Singh. Without robust defenses, retailers risk facing a perfect storm of AI-driven attacks that could disrupt operations, compromise customer data, and tarnish their reputations during the most critical time of the year. To effectively mitigate these threats, retailers must adopt a comprehensive strategy that not only defends against these attacks but also allows them to respond swiftly without disrupting the shopping experience.

Additional Information:
LINK: https://www.thalesgroup.com/en/worldwide/digital-identity-and-security...