Holiday shoppers face increased risk of cyberattacks


Almost 30% of cyberattacks fall on retail, putting shoppers hunting for holiday deals at risk, security experts have warned.

Both retailers and consumers should take extra caution during the holiday season, with online shopping platforms already a prime target for cybercriminals, particularly vulnerable at this time of the year, according to security provider Qrator Labs.

In a recent report, the firm said that the financial sector “bore the brunt” of the distributed denial-of-service (DDoS) attacks, representing 42.06% of all incidents, but e-commerce was not far behind with 29.80%.

ADVERTISEMENT

According to Qrator Labs, this heightened focus on retail could be linked to the preparation for the fall-winter season, with the intensity of last year’s attacks serving as a warning.

Shortly before Christmas last year, on December 22nd, 2022, one retail resource endured a 39-minute assault, averaging 5,172 requests per second and peaking at 9,960 requests per second.

The longest-lasting application-level attack was also observed in the e-commerce sector. While the attack was of low intensity at 527 requests per second, it persisted for over three days.

Bots pose another problem and could cause substantial damage by infiltrating user accounts, with a “staggering” 95% of the scrutinized bot traffic accessing retail websites through unified client accounts, according to Qrator Labs.

As a result, customers risk compromised identities, leaked information, and disruptions in the purchasing process. For businesses, bot attacks can distort critical metrics, undermine marketing efforts, and result in slow or inaccessible websites.

“To mitigate these risks, companies should adopt proactive behavioral analysis, leverage security services, and deploy predictive algorithms to counter bot threats, especially during the holiday sales season,” Qrator Labs’ Victor Zyamzin said.

“These measures play a crucial role in differentiating between legitimate and harmful bot traffic, offering robust defense against automated content searches, data scraping, brute-force attacks, and DDoS attacks,” Zyamzin said.

Meanwhile, users should consider “employing additional security services, changing passwords regularly, using distinct passwords for each e-commerce website, enabling two-factor authentication, and regularly checking account logins.”

ADVERTISEMENT

Earlier, the federal authorities warned of some of the most common scams cybercriminals employed during the festive season as part of the government’s Don’t Click December initiative.

Holiday shoppers should also be aware of a new wave of SMS-based attacks, as cybercriminals continue to employ distinctly low-tech methods to trick their victims in addition to the more sophisticated ones.