AI-driven attacks targeting e-commerce platforms surge by 569,884 daily: report

by

Azunta Gaviola

-

12 months ago

The ‘What’s NEXT in Marketing 2025’ series is making waves in Singapore, the Philippines, Hong Kong, Indonesia, and Malaysia. Join us in shaping the future of marketing!

Singapore – A recent report from cybersecurity firm Imperva revealed that cybercriminals are increasingly using technologies like generative AI and large language models to increase both scale and sophistication of their attacks on e-commerce platforms. 

According to their 6-month analysis data, retail platforms collectively experience an average of 569,884 AI-driven attacks daily, driven by AI tools such as ChatGPT, Claude, Gemini, and bots specifically created to scrape websites for large language model training data.

Business logic abuse was also found to be the most common AI-driven attack, which makes up 30.7% of said incidents. This type of attack involves exploiting the legitimate functionalities of an application or API to carry out malicious actions, including manipulating prices, bypassing authentication, or abusing discount codes. AI enables attackers to automate these exploits at scale, making them harder to detect. 

Following these attacks, the firm further encouraged retailers to protect themselves from said attacks by implementing strict validation on all user inputs. These measures also encompass using anomaly detection systems to identify unusual activities and conducting regular audits of their business processes to identify functionalities that could be abused. 

About 30.6% of AI-driven threats to retailers were also accounted for by DDoS attacks, overwhelming a website’s resources. This leads to downtime that can lead to lost sales and reputational damage, especially during peak shopping seasons. 

Retailers are also advised to invest in a DDoS protection solution that utilises machine learning to identify and mitigate malicious traffic in real time, ensuring that legitimate customers are not impacted. 

In addition to these threats, attacks from bad bots composed 20.8% of AI-driven threats targeting retailers. These automated threats engage in disruptive activities such as scraping pricing data, credential stuffing, and inventory hoarding.

Ultimately, as e-commerce platforms increasingly expose APIs for mobile applications and third-party integrations, API violations also saw approximately 16.1% of AI-driven attacks on retailers. 

Based on their research, cybercriminals exploit vulnerabilities in APIs to gain unauthorised access to sensitive data or functionality. With the assistance of AI, attackers can also quickly identify weak points in API implementations, making these threats particularly challenging to mitigate. 

For this type of threat, retailers are encouraged to enforce strict authentication and authorisation protocols, implement rate limiting to prevent abuse, and regularly conduct comprehensive security assessments and penetration testing. 

“While cybersecurity threats are a concern year-round, they become even more pronounced during the holiday shopping season, when retailers often experience record-breaking sales,” said Nanhi Singh, general manager of application security at Imperva, a Thales company. 

She further explained, “Cybercriminals recognise this and are using generative AI tools and LLMs to capitalise on the increased volume of digital transactions, limited-time promotions, and the gift cards and loyalty points stored in customer accounts.”

“In previous years, we’ve seen security threats like Grinch bots and DDoS attacks cause major disruptions during the holiday shopping season, affecting both retailers and consumers alike. Now, with the widespread availability of generative AI tools and LLMs, retailers are contending with a new wave of sophisticated cyberthreats,” added Singh. 

“Without robust defences, retailers risk facing a perfect storm of AI-driven attacks that could disrupt operations, compromise customer data, and tarnish their reputations.

during the most critical time of the year. To effectively mitigate these threats, retailers must adopt a comprehensive strategy that not only defends against these attacks but also allows them to respond swiftly without disrupting the shopping experience,” she concluded. 

Celebrate the creativity and brilliance of advertising at the Advertising Awards Asia Pacific 2026! Happening this March in Singapore, we’ll be honouring the region’s most trailblazing advertising campaigns and visionary leaders— submit your entries today!
The NEXT Awards 2025 is here, and we’re seeking the most innovative marketing campaigns from Indonesiathe Philippines, Malaysia, Singapore and Asia Pacific. Submit your entry today and showcase your best work!
Share

RECENT ARTICLES

NTT DATA, AWS collaborate on AI-powered contact centre solutions
Temus strengthens Singapore AI capabilities through key partnerships, appointments
SailPoint introduces adaptive identity security platform as next generation of cybersecurity resilience
ServiceNow launches “AI Experience” to transform global enterprise workflows
Western Union launches new mobile app enhancing remittance services in the Philippines
Ellipse 3

RELATED ARTICLES

Australian businesses see rising annual losses linked to API insecurity, automated abuses_11zon
DDoS attacks targeting retail surge by nearly 61% since last year, impacting e-commerce platforms, online retail operations report_11zon (1)
Ellipse 3

FEATURED ARTICLES

Haris Izmee assumes leadership at Equinix as managing director for Indonesia (1)_11zon
Defence at the digital frontier Mimecast’s Stanley Hsu on building resilience against fraud, cyber risks in Singapore’s e-commerce scene
Tech in Focus How SUSE accelerates innovation, strengthens security across enterprise-grade products through open-source solutions_11zon (1)

Subscribe to UpTech Media Newsletter

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.