Rise in 'bad bot' cyber attacks threatening Australia's retail industry
In a recent publication, cybersecurity leader Imperva analysed the cyber threats affecting eCommerce websites and applications. It found that Business Logic Attacks (BLAs), conducted by sophisticated 'bad bots', made up 66% of all online attacks on retailers in Australia.
These types of attacks pose a significant threat to Australia's retail industry because the main focus of business logic attacks is to abuse API connections, Imperva states.
Business Logic Attacks on eCommerce sites increased 118% year over year (YoY). Attackers' main objective in BLAs is to exploit business logic and manipulate pricing or gain access to restricted products. In the past year, these attacks represented the majority of all attacks against Australian retail websites. The spike in these attacks is almost 30% higher than the global average, which sits at 37%.
Imperva's 2023 Bad Bot Report highlights bad bots manipulating business logic as a main form of API abuse. In fact, 17% of all attacks on APIs come from these malicious bots.
The most substantial challenges in countering these threats come from a lack of pattern in the attacks and the inability to enforce a generic rule to guarantee the security of all application and API deployments.
"The digital transformation of Asia's retail sector was accelerated by the pandemic. However, the diverse markets, complex supply chains, and varying cybersecurity readiness levels within the region have made Asian retailers particularly susceptible to these increasingly complex security threats," commented George Lee, Senior Vice President, Asia Pacific and Japan at Imperva.
He also expressed concern over the rise in bot sophistication, as this new breed of automation can compromise APIs and user accounts, directly affecting retailers' year-end sales and ultimately their profits.
Increased sophistication in bot technology is a cause for concern, with over 60% of automated traffic in Australia made up of dangerous bots. One particular category of harmful bot, known as Grinch bots, often causes disruption during holiday sales events.
Grinch bots purchase the most sought-after items to resell them at a higher price during periods of high demand. This year, there has been a sixfold increase in the number of application layer DDoS attacks on retailers aiming to disrupt applications or take them offline.
The threat of cyber attacks on Australian online retailers also looks set to rise as the 2023 holiday shopping season approaches. A significant surge in Business Logic Attacks occurred in Australia from September 3, indicating that these automated attacks may continue through Black Friday and Cyber Monday.
Retailers are advised to be particularly vigilant against Grinch bots during these high-sale event days, as there is already a fifteenfold increase in the number of application layer DDoS attacks compared to last year, Imperva states.