The latest Akamai Research report uncovers a harsh reality: the commerce sector remains at the top of the hit list for web application and API attacks. With over 14 billion observed incursions, it’s evident that the digital landscape of commerce is a prime target for cybercriminals.
Overview of Akamai Research Findings
Akamai Technologies, the global leader in powering and protecting life online, recently unveiled a new State of the Internet report titled “Entering through the Gift Shop: Attacks on Commerce”. The study finds commerce to account for over 14 billion (34 percent) of observed incursions, making it the most targeted web attack vertical.
The Growing Threat of Web Application and API Attacks
As the reliance on web applications and APIs grows in commerce organizations, so does the threat landscape. Adversaries are targeting vulnerabilities, design flaws, and security gaps to exploit web-facing servers and applications.
The Rise of Local File Inclusion Attacks
Interestingly, Akamai Research has found a sharp rise in Local File Inclusion (LFI) attacks, escalating over 300 percent between Q3 2021 and Q3 2022. Once dominated by SQL injection, the trend of attacks has shifted toward remote code execution and leveraging LFI vulnerabilities for data exfiltration.
The Risk of Third-Party Vendor Vulnerabilities
Another alarming finding is the elevated risk from third-party vendor scripts. Half of the JavaScript used by the commerce sector comes from third parties, which significantly increases the threat of client-side attacks like web skimming and Magecart attacks. This necessitates stringent mechanisms for detecting these attacks to remain compliant with new PCI DSS 4.0 requirements.
How Bot Requests are Impacting Commerce
The Akamai Research also observed that malicious bot requests surpassed 5 trillion events in just 15 months. Assaults against commerce customers are proliferating, primarily via credential stuffing attacks that can lead to fraud.
The Threat of Phishing Campaigns
Phishing continues to be a menace, with over 30 percent of phishing campaigns in Q1 2023 targeted at commerce brands. It is critical that businesses educate their employees and customers about this persistent threat.
Regional Attack Patterns
In the EMEA region, the retail subvertical takes the brunt of attacks, accounting for 96.5 percent of incidents compared to 3.3 percent for hotel and travel. In the Asia-Pacific and Japan (APJ), commerce is the second most frequently targeted web attack vertical, at over 20 percent.
Conclusion and Recommendations from Akamai
Rupesh Chokshi, Senior Vice President and General Manager, Application Security at Akamai, stresses the importance of understanding the diverse attack types commerce organizations and their customers face. The Akamai Research aims to shed light on these threats and help both cybersecurity leaders and practitioners recognize the critical trends impacting the industry.
About Akamai Technologies
Akamai is a leading company that powers and protects life online, helping billions of people live, work, and play every day. Its massively distributed edge and cloud platform, Akamai Connected Cloud, keeps applications and experiences closer to users while keeping threats at bay.
Final Word
As we navigate through the intricate ecosystem of the commerce sector, it’s clear that our cybersecurity defenses must evolve just as rapidly as the threats we face. Akamai Research provides valuable insights that empower us to take proactive measures to mitigate these risks.
Are you part of the commerce industry? How are you tackling these threats? Share your thoughts and experiences in the comments below. We’d love to hear your perspective on this ever-evolving issue.
