Thursday, 04 November 2021 11:09

Retail sector faces increased ‘holiday season’ cybersecurity attacks

By Staff Writer

Cybersecurity risks in the retail industry suggest that the 2021 holiday shopping season will be further disrupted by cybercriminals looking to create chaos and take advantage of an unprecedented global supply chain crisis, according to one security firm.

The alert comes from cybersecurity company Imperva, whose State of Security Within eCommerce report presents a 12-month analysis of cybersecurity risks in the retail industry.

On the Australian cybersecurity landscape, Imperva says that last year cybersecurity incidents in the Australian retail sector peaked from September 2020 through to January 2021, coinciding with the key holiday shopping season - and retailers should expect the same to happen this year.

According to Imperva Research Labs, while incidents in Australia did drop in February, they have remained higher than 2020 levels - and to date, incidents are 12% higher this year compared to 2020 (comparing Jan-Sep 2020 to Jan-Sep 2021).

“Increased levels of cybersecurity activity are a fundamental business risk for retailers. From website outages to online fraud, security incidents lead to loss of sales and unhappy customers,” warns Imperva.

“Given the widespread impact of the global supply chain crisis, the impact of a single cyber-attack on a retailer in Q4 could be devastating.

“Any disruption will delay shipments and could keep physical and digital store shelves empty throughout the holiday season. The unprecedented situation has reached such a fever pitch that some retailers might find themselves out of business altogether.”

Imperva highlights concerns about malicious bots, warning that online retail remains a prime target for automated bot activity in 2021.

“Bots carry out an array of disruptive, and even malicious, activities on retail sites including: price and content scraping, scalping, denial of inventory and other types of online fraud,” warns Imperva.

“In 2021, the volume of monthly bot attacks on retail websites rose 13%, compared to the same months of the previous year. This underscores the growing threat retailers and consumers face from bad bot activity. Imperva Research Labs finds that a majority (57%) of attacks recorded on eCommerce websites this year were carried out by bots. In comparison, bad bots made up just 33% of the total attacks on websites in all other industries in 2021.”

Imperva notes that Australia is a top target for bot attacks, placing 4th globally, and bots were the top type of security incident in Australia in the past 12 months, with the country’s bot presence significantly higher than the global average (80% compared to 57% globally).

“One specific type of fraud, account takeover, is a risk for consumers who have login accounts that store their credit card or payment information on eCommerce sites. Compared to other industries, online retailers experienced a higher volume of account takeover logins (32.8%) in 2021, compared to the average logins (25.5%) across all other industries,” warns Imperva.

“More worrisome, the proportion of sophisticated bad bots on retail websites reached 23.4% in 2021. This breed of bot is the hardest to stop because they’re capable of producing mouse movements and clicks that closely resemble human behaviour. Sophisticated bots evade simple defences and are responsible for account takeover, fraud or denial of inventory that makes it harder for legitimate shoppers to get the goods they want.

“In particular, Imperva Research Labs has monitored elevated levels of denial of inventory bot traffic around the time of pre-order and launch sales for popular gaming systems. Most recently, it was evidenced in the 88% rise in bad bot traffic to global retail sites days before the launch of the Nintendo Switch OLED.”

Other key findings for Australian eCommerce from the Imperva report are:

  • DDoS attacks: As the holiday shopping season commences, Imperva Research Labs is already seeing an uptick globally in DDoS attacks -- spiking 200% in September 2021, compared to the month prior. Australia is in the top 3 target countries for application layer DDoS attacks (5.2%).
  • Website attacks: The top three web application attack attempts in Australian eCommerce were Data Leakage (38%), RCE / RFI (17%) and XSS (16%). 
  • RCE / RFI: Australian eCommerce saw a spike in RCE/RFI in November 2020 (28% above the average), coinciding with the Black Friday/Cyber Monday shopping period. It peaked again in March 2021 (43% above the monthly average).
  • Injection attacks: Australian eCommerce saw a significant spike in injection attacks in both July 2021 (58% above the monthly average) and September 2021 (41% above the monthly average).
