AI-driven Attacks Targeting Retailers Ahead of the Holiday Shopping Season
21/10/2024
Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, warns that as generative AI tools and Large Language Models (LLMs) continue to proliferate and advance, cybercriminals are increasingly using these technologies to enhance the scale and sophistication of their attacks on eCommerce platforms.
With sales beginning as early as October and extending through late December, the holiday shopping season represents a critical time for online retailers. The surge in activity not only drives substantial revenue but also attracts malicious actors targeting retailers at a time when they can least afford downtime or a security incident. As this crucial period approaches, retailers must prepare for a range of AI-driven threats, including bots, distributed denial of service (DDoS) attacks, API violations, and business logic abuse.
While cybersecurity threats are a concern year-round, they become even more pronounced during the holiday shopping season, when retailers often experience record-breaking sales, says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. Cybercriminals recognize this and are using generative AI tools and LLMs to capitalize on the increased volume of digital transactions, limited-time promotions, and the gift cards and loyalty points stored in customer accounts.
In a recent 6-month analysis (April 2024 - September 2024), data from Imperva Threat Research reveals that, on average, retail sites collectively experience 569,884 AI-driven attacks each day. These attacks originate from AI tools like ChatGPT, Claude, and Gemini, alongside specialized bots that are designed to scrape websites for LLM training data. An analysis of these attacks shows that cybercriminals are primarily using the AI tools to carry out the following types of attacks.
Business Logic Abuse: The most common AI-driven attack (30.7%), business logic abuse involves exploiting the legitimate functionalities of an application or API to carry out malicious actions, such as manipulating prices, bypassing authentication, or abusing discount codes. AI enables attackers to automate these exploits at scale, making them harder to detect. To protect against these attacks, retailers should implement strict validation on all user inputs, employ anomaly detection systems to identify unusual activities, and regularly audit their business processes to identify functionalities that could be abused.
DDoS Attacks: Representing 30.6% of all AI-driven threats to retailers, DDoS attacks aim to overwhelm a website's resources, resulting in downtime that can lead to lost sales and reputational damage-especially during peak shopping periods. Cybercriminals are now leveraging AI to coordinate large botnets more efficiently, enhancing the effectiveness of these attacks. Retailers should invest in a DDoS protection solution that utilizes machine learning to identify and mitigate malicious traffic in real time, ensuring that legitimate customers are not impacted.
Bad Bot Attacks: Attacks from bad bots account for 20.8% of AI-driven threats targeting retailers. These automated threats engage in disruptive activities such as scraping pricing data, credential stuffing, and inventory hoarding (scalping). The infamous Grinch bot, in particular, is notorious for its inventory hoarding during the holiday shopping season, making it increasingly difficult for consumers to purchase high-demand items. With advancements in AI, operators can now create bots that convincingly mimic human behavior, allowing them to evade traditional security measures. To combat this threat, retailers should implement bot management solutions that utilize behavioral analytics to differentiate between genuine users and sophisticated bots.
API Violations: As eCommerce platforms increasingly expose APIs for mobile applications and third-party integrations, API violations are on the rise, accounting for 16.1% of AI-driven attacks on retailers. Cybercriminals exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or functionality. With the assistance of AI, attackers can quickly identify weak points in API implementations, making these threats particularly challenging to mitigate. To safeguard their APIs, retailers should enforce strict authentication and authorization protocols, implement rate limiting to prevent abuse, and regularly conduct comprehensive security assessments and penetration testing.
These AI-driven attacks pose significant risks not only for retailers but also for consumers. Cybercriminals are leveraging AI to conduct bot attacks, abuse business logic, and disrupt systems, putting sensitive personal information-including credit card details, addresses, and account information-at increased risk. Successful attacks can lead to identity theft, financial loss, and a loss of trust in eCommerce platforms, with fraudulent charges and unauthorized account access negatively affecting consumers shopping experiences.
In previous years, weve seen security threats like Grinch bots and DDoS attacks cause major disruptions during the holiday shopping season, affecting both retailers and consumers alike. Now, with the widespread availability of generative AI tools and LLMs, retailers are contending with a new wave of sophisticated cyberthreats, adds Singh. Without robust defenses, retailers risk facing a perfect storm of AI-driven attacks that could disrupt operations, compromise customer data, and tarnish their reputations during the most critical time of the year. To effectively mitigate these threats, retailers must adopt a comprehensive strategy that not only defends against these attacks but also allows them to respond swiftly without disrupting the shopping experience.
Additional Information:
LINK: | https://www.thalesgroup.com/en/worldwide/digital-identity-and-security... |
See more stories from thales |
Most recent headlines
09/12/2024
Dalet Named an IDC Innovator in Media and Entertainment
Dalet, a leading technology and service provider for media-rich organizations, today announced that it has been named an IDC Innovator in the IDC Innovators: ...
09/11/2024
Dalet Expands Leadership Team to Fuel Next Stage of Growth
Dalet, a leading technology and service provider for media-rich organizations, today announced three new members of its executive team. Tara Bryant joins as Chi...
22/10/2024
Benjamin Ree's Ibelin Takes Viewers to a Different World and Moves Them to Tears
From L-R: Robert Steen, Trude Steen, Mia Steen and Benjamin Ree (Marc Sagliocco/...
22/10/2024
Take Your Spotify Playlists to the Next Level With Custom Cover Art
At Spotify, we know our users like to flex their creativity. We've seen this come to life across the more than 8 billion playlists listeners have created to...
22/10/2024
Spotify NextGen Spelman College Partnership With Podcast Studio Opening
In 2022, Spotify's partnership with Spelman College took flight as part of our NextGen audio program that aims to infuse, activate, and grow podcast culture...
22/10/2024
Comercio TV Chooses Broadpeak to Optimize OTT Video Delivery and Monetization
October 22, 2024 Comercio TV Chooses Broadpeak to Optimize OTT Video Delivery and Monetization CESSON-SEVIGNE, France - Oct. 22, 2024 - Broadpeak , a leadi...
22/10/2024
The Gauge: Mexico September 2024
In September, audiences in Mexico decreased their streaming usage by 1 point compared to the previous month, accounting for 21.5% of TV viewing. Disclaimer: YU...
22/10/2024
Disney Retakes Top Spot in Nielsen's Media Distributor Gauge as Football Hikes TV Viewing in September
FOX exhibits largest monthly gain as multiple NFL and NCAA football distributors...
22/10/2024
Fubo Unveils Standalone Premium Subscription Networks
NEW YORK Live sports TV streaming platform Fubo has launched standalone premium subscription services, the company said today....
22/10/2024
Sportradar Launches New Suite of NBA Fan-Engagement Solutions
NEW YORK & ST. GALLEN, Switzerland In the run-up to the start of the NBA season, Sportradar has introduced a new suite of innovative fan-engagement solutions to...
22/10/2024
Digital Domain Relaunches Advertising Experiences Group With New Hires
Digital Domain Relaunches Advertising Experiences Group With New Hires Brie Clayton October 22, 2024 0 Comments Digital Domain, a pioneer in visual ef...
22/10/2024
Hiroshi Okuyama Film My Sunshine Shot and Graded Using Blackmagic Design Products
Hiroshi Okuyama Film My Sunshine Shot and Graded Using Blackmagic Design Product...
22/10/2024
InnovateUK and EU Approve 1.2 Million in Funding for Immersive Technology from Disguise
InnovateUK and EU Approve £1.2 Million in Funding for Immersive Technology from ...
22/10/2024
Lauv Inspires Berklee Students with Authenticity and Chart-Topping Success
Lauv Inspires Berklee Students with Authenticity and Chart-Topping Success Pop sensation Lauv shares insights on creativity, vulnerability, and overcoming the...
22/10/2024
Applications Open for Next Jazz Legacy 2025 Cohort
Applications Open for Next Jazz Legacy 2025 Cohort Backed by a $1.25 million Mellon Foundation grant, the initiative from New Music USA and the Berklee Instit...
22/10/2024
This Rihanna Song Has Secret' '80s Easter Eggs
This Rihanna Song Has Secret' '80s Easter Eggs The SOS songwriter revealed a nostalgic twist to the lyrics, and it's going viral on TikTok. By...
22/10/2024
Broadcast Solutions aims to drive innovation with new CTO Office
The CTO Office has been tasked with the gradual introduction and integration of new technologies to improve the efficiency, reach and quality of media productio...
22/10/2024
Bally Sports Rebrands as FanDuel Sports Network
SOUTHPORT, Conn. and NEW YORK Diamond Sports Group and the online gaming company FanDuel have announced a wide-ranging long-term commercial partnership that wil...
22/10/2024
Roku Keeps 37% Share of North American Streaming Device Market
New research indicates that Roku remains the top connected TV (CTV) streaming device in North America, with a 37% share of the open programmatic ads sold on spe...
22/10/2024
S&P: TV-Station Advertising To Grow 14% to $24.95 Billion in 2024
The newly released S&P Global Market Intelligence Radio & TV Annual Outlook from Kagan finds some good news in this years ad-revenue outlook and some not-so-goo...
22/10/2024
ESPN To Bring Tech-Heavy TGL Golf to Primetime in 2025
BRISTOL, Conn. and PALM BEACH GARDENS, Fla. TGL, the new tech-infused golf league founded by Tiger Woods and Rory McIlroy's TMRW Sports in partnership with...
22/10/2024
NAB Expresses Concentration Concerns Over SES-Intelsat Merger
WASHINGTON, D.C. The National Association of Broadcasters has filed a letter with the FCC expressing concerns about the impact the proposed merger between SES a...
22/10/2024
Michael Malone, Long-Time B+C' Editor and Reporter, Dies at 55
Michael Malone, a long-time reporter, editor and content director at Broadcasting+Cable, Multichannel News and NextTV, died Saturday (Oct. 19) at Memorial Sloan...
22/10/2024
Educational Cosmetic Procedure Live Streams Powered by Blackmagic Design
Educational Cosmetic Procedure Live Streams Powered by Blackmagic Design Brie Clayton October 21, 2024 0 Comments Elijah Zane Echeveste, an independen...
22/10/2024
FilmLight Colour Awards reveals 2024 nominees
FilmLight Colour Awards reveals 2024 nominees Brie Clayton October 21, 2024 0 Comments Jury selects 25 nominees across six categories - winners to be ...
22/10/2024
Title Rebuild with the Boris FX Suite: Kraven The Hunter
Title Rebuild with the Boris FX Suite: Kraven The Hunter Brie Clayton October 21, 2024 0 Comments Epic 3D Title Rebuild: Kraven The Hunter Title Anima...
22/10/2024
FIRST LOOK images released for upcoming Mark Gatiss drama Bookish on Alibi
UKTV today releases a selection of first look images for the upcoming U&Original series, Bookish (6x60') on specialist crime drama channel, Alibi. The brand...
22/10/2024
Tribeca Films Announces New Output Deals with Kanopy and Kinema to Distribute the Best of Independent Cinema to Wider Audiences
October 22nd, 2024 TRIBECA FILMS ANNOUNCES NEW OUTPUT DEALS WITH KANOPY AND KIN...
22/10/2024
SVG Summit 2024: NBC Sports' Reflection on Paris Olympics Highlights a Loaded Main Stage Agenda
SVG Summit 2024: NBC Sports' Reflection on Paris Olympics Highlights a Loade...
22/10/2024
TNT Sports' REMI Remodel: A Conversation With WBD VP, Technology and Operations, Chris Brown
TNT Sports' REMI Remodel: A Conversation With WBD VP, Technology and Operati...
22/10/2024
NBA Tip-Off 2024: NBA on TNT Plans a Bash in Beantown for Opening Night
NBA Tip-Off 2024: NBA on TNT Plans a Bash in Beantown for Opening Night Doubleheader offers Knicks-Celtics at 7:30, Timberwolves-Lakers at 10 By Kristian Hern...
22/10/2024
SVG All-Stars: Barney Carleton, Senior Director, Broadcast Planning and Strategy, NBA
SVG All-Stars: Barney Carleton, Senior Director, Broadcast Planning and Strategy...
22/10/2024
Netflix Releases Trailer for 'The Helicopter Heist'
Back to All News Netflix Releases Trailer for The Helicopter HeistPlay Video Play Video Entertainment 22 October 2024 GlobalSweden Link copied to clipboar...
22/10/2024
Uncover the Secret Pulse of AI-Enhanced Tokyo: Tokyo Override' Premieres November 21
Back to All News Uncover the Secret Pulse of AI-Enhanced Tokyo: Tokyo Override...
22/10/2024
Top 10 Week of Oct. 14: Outer Banks' Strikes Gold for Second Week, Lonely Planet' Rises to #1
Back to All News Top 10 Week of Oct. 14: Outer Banks' Strikes Gold for Sec...
22/10/2024
FilmLight Colour Awards: George Miller on Colour
The FilmLight Colour Awards 2024 jury recently gathered ahead of casting their final votes for this year's nominees. During the discussion, George Miller, 2...
22/10/2024
What Is Agentic AI?
AI chatbots use generative AI to provide responses based on a single interaction. A person makes a query and the chatbot uses natural language processing to rep...
22/10/2024
Maddie + Triggs begins Monday 21st October
Brand new series Maddie Triggs premieres on Monday 21st October at 11.10am on RT jr. 15 episodes will drop on RT Player at the same time. The series follows ...
22/10/2024
NVIDIA Brings Generative AI Tools, Simulation and Perception Workflows to ROS Developer Ecosystem
At ROSCon in Odense, one of Denmark's oldest cities and a hub of automation,...
21/10/2024
A Journalist Turns the Camera on Herself in Black Box Diaries
PARK CITY, UTAH - JANUARY 20: Hanna Avqilin, Shiori Ito, and Ema Ryan Yamazaki attend the 2024 Sundance Film Festival Black Box Diaries premiere at Prospector...
21/10/2024
NITV announces commissioning team appointments
NITV announces commissioning team appointments 21 October, 2024 Media releases NITV welcomes Dena Curtis as Head of Indigenous Commissioning and Production...
21/10/2024
Osher Gnsberg: A World of Pain premieres Thursday 21 November on SBS and SBS On Demand
Osher G nsberg: A World of Pain premieres Thursday 21 November on SBS and SBS On...
21/10/2024
Vizrt Taps Vanessa Walmsley as Chief Commercial Officer
BERGEN, Norway Vizrt, a provider of real-time graphics and live production solutions for content creators, has named Vanessa Walmsley as chief commercial office...
21/10/2024
Tegna Names Alex Tolston Chief Legal Officer
TYSONS, Va. Tegna has named Alex Tolston as senior vice president and chief legal officer. He'll also serve on the station group's leadership team, repo...
21/10/2024
Witbe Expands Automated Video Testing Support for MEA Pro...
Witbe, a worldwide leader in automated testing and monitoring technology for video service providers, today announced that the company is expanding its presence...
21/10/2024
Amagi and LeadStory Launch Personalized FAST News Channel...
Amagi, the global leader in cloud-based SaaS technology for broadcast and connected TV (CTV), today announced its collaboration with Samsung TV Plus and news pu...
21/10/2024
Amagis Cloud-Based Solutions Bring Skillshares Creative L...
Amagi, the global leader in cloud-based SaaS technology for broadcast and connected TV (CTV), today announced that Skillshare has chosen Amagi to be its partner...
21/10/2024
Black Box at Broadcast India Show 2024 Next-Gen IP KVM Wi...
Broadcast India Show 2024 Preview Oct. 17-19 Jio World Convention Centre, Mumbai Booth #I8 At Broadcast India Show 2024 in Booth #I8, Black Box will showca...
21/10/2024
LYNX Technik PEC 1464 Next Generation Solution for 12G SD...
LYNX Technik, provider of modular signal processing solutions, has introduced the PEC 1464, a 12G-SDI, HDMI H.264/265 Streamer and Recorder. As the company'...
21/10/2024
XL8 Updates EventCAT Subscription Packages for Delivering...
XL8, a leading deep-tech startup specializing in AI-powered machine translation technology, today announces the launch of its updated EventCAT subscription pack...