Cybercriminals target e-commerce sites over holiday season

By Joanna England
Share
Online shopping portals are being flooded with millions of ‘bad bots’ over the festive shopping season, experts warn...

Christmas online shopping is under attack from cybercriminals who are using ‘bad bot personas’ that are exploiting vulnerabilities in thousands of e-commerce sites.

According to Barracuda Networks, an email and cloud security company headquartered in California, widespread distributed denial of service (DDoS) attacks are being run from thousands of distinct IP addresses, making fraudulent purchases and exploiting vulnerabilities on online retail portals.

Barracuda networks revealed the breaches in their most recent analysis report Threat Spotlight, which highlighted the dangers facing vendors and shoppers over the Christmas season. 

The opportunities for cybercrime have increased exponentially following the global pandemic that has seen millions of retail outlets globally focus heavily on their online sales to survive. 

Christmas is the biggest shopping season in the UK and due to the tier system, most retail activity will be almost entirely online this year. The Barracuda Advanced Bot Protection solution ran a test web application, and observed that it had been targeted by over 90 million bad bot personas from over 340,000 distinct IP addresses, in just a few weeks.

Bad bot numbers

The data gathered by Barracuda researchers indicates 72% of bad bot traffic belonged to unspecified malicious users, 5% belonged to HeadlessChrome personas, and there was an increase in yerbasoftware and M12bot personas.

The researchers also observed that UK bot activity peaks mid-morning and doesn't fall off until closer to 5pm, which suggests that the cybercriminals (aka 'bot herders') follow a regular working day.

Brett Wolmarans, Director of Application Security Engineering for Barracuda Networks, said, "The holiday shopping season this year will be like no other. E-Commerce teams must ensure they carry out the necessary precautions to safeguard their applications against bad bots.

He added, “This includes installing a web application firewall, or ‘WAF-as-a-Service solution’, and making sure it is properly configured. Teams must also ensure application security solutions include anti-bot protection so they can effectively detect advanced automated attacks, and ‘credential stuffing protection’ should be enabled to prevent account takeover.”

Share

Featured Articles

Huawei: The Journey to Future 6G Networks Must Embrace AI

At the 6G Conference in Istanbul in September 2024, Huawei Wireless CTO Dr. Wen Tong states that 6G must embrace the ‘AI revolution’ to be successful

NGMN Champions New AI Framework for Autonomous 5G Networks

The guidance outlines principles for AI-driven autonomous networks, aiming to manage complexity and enhance user experience in 5G Advanced ecosystems

Dell Unveils AI Initiative to Revolutionise Telecom Industry

Dell launches AI for Telecom program to accelerate AI adoption in telecoms, partnering with NVIDIA and global operators to enhance network performance

James Gowen: Powering a Sustainable Future for Telecoms

Sustainability

Samsung SmartThings: 10 Years of Developing the Smart Home

Voice & Data

How Nokia Seeks to Enhance Rural Coverage Across Africa

Mobile Operators