"AI-Powered Attacks Flood Retail Websites"
According to security researchers at Imperva, in the last six months, retailers experienced over half a million (569,884) AI-driven attacks per day. These attacks originate from AI tools like ChatGPT, Claude, and Gemini, alongside specialized bots designed to scrape websites for LLM training data. The researchers observed a range of AI-driven threats, including bots, distributed denial of service (DDoS) attacks, API violations, and business logic abuse. The researchers noted that as the holiday shopping season approaches, retailers expect to experience their busiest sales period. Cybercriminals recognize this and are using generative AI tools and LLMs to capitalize on the increased volume of digital transactions, limited-time promotions, and the gift cards and loyalty points stored in customer accounts. During their research, the researchers identified business logic abuse as the most common AI-driven attack, accounting for 30.7% of all incidents. Business logic abuse involves exploiting the legitimate functionalities of an application or API to carry out malicious actions, such as manipulating prices, bypassing authentication, or abusing discount codes. DDoS attacks, which aim to overwhelm a website's resources, accounted for 30.6% of all AI-driven threats to retailers, and attacks from bad bots accounted for 20.8% of AI-driven threats.
Infosecurity Magazine reports: "AI-Powered Attacks Flood Retail Websites"