AI-driven attacks targeting e-commerce platforms surge by 569,884 daily: report

by

Azunta Gaviola

-

1 month ago

Get ready to explore the future of marketing and elevate your business! The ‘What’s NEXT in Marketing 2024-2025’ series is heading to Indonesia, Malaysia, the Philippines, Singapore, and Hong Kong. Don’t miss out!

Singapore – A recent report from cybersecurity firm Imperva revealed that cybercriminals are increasingly using technologies like generative AI and large language models to increase both scale and sophistication of their attacks on e-commerce platforms. 

According to their 6-month analysis data, retail platforms collectively experience an average of 569,884 AI-driven attacks daily, driven by AI tools such as ChatGPT, Claude, Gemini, and bots specifically created to scrape websites for large language model training data.

Business logic abuse was also found to be the most common AI-driven attack, which makes up 30.7% of said incidents. This type of attack involves exploiting the legitimate functionalities of an application or API to carry out malicious actions, including manipulating prices, bypassing authentication, or abusing discount codes. AI enables attackers to automate these exploits at scale, making them harder to detect. 

Following these attacks, the firm further encouraged retailers to protect themselves from said attacks by implementing strict validation on all user inputs. These measures also encompass using anomaly detection systems to identify unusual activities and conducting regular audits of their business processes to identify functionalities that could be abused. 

About 30.6% of AI-driven threats to retailers were also accounted for by DDoS attacks, overwhelming a website’s resources. This leads to downtime that can lead to lost sales and reputational damage, especially during peak shopping seasons. 

Retailers are also advised to invest in a DDoS protection solution that utilises machine learning to identify and mitigate malicious traffic in real time, ensuring that legitimate customers are not impacted. 

In addition to these threats, attacks from bad bots composed 20.8% of AI-driven threats targeting retailers. These automated threats engage in disruptive activities such as scraping pricing data, credential stuffing, and inventory hoarding.

Ultimately, as e-commerce platforms increasingly expose APIs for mobile applications and third-party integrations, API violations also saw approximately 16.1% of AI-driven attacks on retailers. 

Based on their research, cybercriminals exploit vulnerabilities in APIs to gain unauthorised access to sensitive data or functionality. With the assistance of AI, attackers can also quickly identify weak points in API implementations, making these threats particularly challenging to mitigate. 

For this type of threat, retailers are encouraged to enforce strict authentication and authorisation protocols, implement rate limiting to prevent abuse, and regularly conduct comprehensive security assessments and penetration testing. 

“While cybersecurity threats are a concern year-round, they become even more pronounced during the holiday shopping season, when retailers often experience record-breaking sales,” said Nanhi Singh, general manager of application security at Imperva, a Thales company. 

She further explained, “Cybercriminals recognise this and are using generative AI tools and LLMs to capitalise on the increased volume of digital transactions, limited-time promotions, and the gift cards and loyalty points stored in customer accounts.”

“In previous years, we’ve seen security threats like Grinch bots and DDoS attacks cause major disruptions during the holiday shopping season, affecting both retailers and consumers alike. Now, with the widespread availability of generative AI tools and LLMs, retailers are contending with a new wave of sophisticated cyberthreats,” added Singh. 

“Without robust defences, retailers risk facing a perfect storm of AI-driven attacks that could disrupt operations, compromise customer data, and tarnish their reputations.

during the most critical time of the year. To effectively mitigate these threats, retailers must adopt a comprehensive strategy that not only defends against these attacks but also allows them to respond swiftly without disrupting the shopping experience,” she concluded. 

 

Happening in Singapore on 19-20 February 2025, the ‘What’s NEXT in Marketing: Singapore 2025’ event presents an exceptional opportunity for marketers and industry leaders to talk about the future of marketing and drive success in the Singaporean market! Register now to secure your slot!
Join MARKETECH APAC and Bird for the ‘WhatsApp Marketing Masterclass‘ workshop and unlock effective strategies to engage and retain customers. Happening on 5 December 2024 at Sheraton Petaling Jaya, Malaysia—register your interest HERE!
Share

RECENT ARTICLES

Mimecast welcomes David Sajoto as new vice president and general manager for APJ
Hitachi Vantara, NVIDIA HGX join forces to redefine AI infrastructure, launch Hitachi iQ
Netcore Cloud’s new partnership with Google Cloud to enhance marketing tech, customer engagement with AI
Prudential to drive digital transformation, elevate customer experience with launch of new AI lab in SG
Warrix partners with Salesforce’s Slack for efficient task management, communication efficiency across teams
Ellipse 3

RELATED ARTICLES

Australian businesses see rising annual losses linked to API insecurity, automated abuses_11zon
DDoS attacks targeting retail surge by nearly 61% since last year, impacting e-commerce platforms, online retail operations report_11zon (1)
Ellipse 3

FEATURED ARTICLES

Haris Izmee assumes leadership at Equinix as managing director for Indonesia (1)_11zon
Defence at the digital frontier Mimecast’s Stanley Hsu on building resilience against fraud, cyber risks in Singapore’s e-commerce scene
Tech in Focus How SUSE accelerates innovation, strengthens security across enterprise-grade products through open-source solutions_11zon (1)

Subscribe to UpTech Media Newsletter

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.