"Bot Warning for Retailers Ahead of Busy Shopping Season"

Security researchers at Imperva stated that retailers can expect a surge in bot-driven account takeovers (ATOs), DDoS attacks, card fraud, and more as they prepare for the busiest shopping period of the year.  The researchers found that 40% of traffic on retailers’ websites over the past 12 months came from bots, automated software that’s often malicious in intent.  The researchers noted that automated threats caused 62% of security incidents in the period.  Bot-related attacks on retail sites surged 10% in October and another 34% in November 2021, suggesting that bot operators will again increase their activity around the peak shopping period this year.  This includes ATO attacks, 64% of which were linked to bad bots last year, using techniques such as credential stuffing, where previously breached passwords and usernames are tried against different accounts across the web.  Another popular tactic is using bots to buy up in-demand inventory and then selling it at a profit.  The researchers noted that DDoS attacks are a perennial threat for retailers, who could lose millions during busy shopping periods if their websites and apps are taken offline.  The researchers revealed that the number of attacks greater than 100 Gbps doubled year-on-year in 2021, and attacks larger than 500 Gbps increased by 287%.  The researchers noted that organizations targeted by an attack are often hit again within 24 hours.  The researchers stated that 55% of sites targeted by an application-layer DDoS and 80% by a network-layer DDoS were attacked multiple times.

Infosecurity reports: "Bot Warning for Retailers Ahead of Busy Shopping Season"