Akamai reveals surge in attacks on e-commerce sites

June 28, 2023 - TuxCare PR Team

According to an Akamai report titled “Entering through the Gift Shop: Attacks on Commerce” that includes a 15-month evaluation beginning in January 2022, assaults on commerce platforms are growing, posing a huge danger to the digital landscape.

Akamai says 34% of 14 billion breaches were directed at e-commerce websites. Bot invasions, API assaults, remote code execution through local file inclusion attacks, and server-side vulnerabilities are among the advanced tactics used in these hostile intrusions. The report blames the increase in assaults to a variety of variables, including cloud infrastructure migration, the development of Internet of Things (IoT) devices, and the availability of dark net apps.

Another discovery is the exponential increase of harmful bot assaults across all categories, which surpassed 5 trillion events between early 2022 and March 2023, with no indications of abating. Furthermore, the study showed 314% increase in local file inclusion assaults, which are explicitly aimed at bypassing security systems in order to obtain unauthorized access and harvest important data. The e-commerce ecosystem’s increasing reliance on third-party vendors for JavaScript components exacerbates the risk scenario, increasing the attack surface for hackers.

According to Akamai, the highest attack volume across industries is in high technology (21.66%), followed by financial services (15.4%). Video media, manufacturing, government, and gaming are all targeted, but to a lesser level than commerce. Geographically, the data shows a tilt toward the retail subvertical throughout Europe, the Middle East, Asia, and Africa, accounting for 96.5% of assaults, compared to 3.3% targeting hotel and travel domains.

With the increase of web server vulnerabilities, the research concentrates on local file inclusion (LFI) assaults, which have surpassed SQL Injection attacks as the most common technique of penetration. LFI attacks take use of flaws in server file storage systems, allowing hackers to insert scripts into online pages and circumvent access limits. SQL Injection attempts accounted for just 12.24% of the recorded assaults, indicating a change in attacker strategies toward LFI vulnerabilities.

Akamai also underscores the inherent risks associated with third-party scripts, with 50% of the scripts used in the commerce sector originating from external sources. While not inherently malicious, these third-party scripts introduce potential security flaws that threaten organizations’ defense mechanisms.

The sources for this piece include an article in TechRepublic.

Summary