
AI-driven Attacks Targeting Retailers Ahead of the Holiday Shopping Season

21/10/2024


Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, warns that as generative AI tools and Large Language Models (LLMs) continue to proliferate and advance, cybercriminals are increasingly using these technologies to enhance the scale and sophistication of their attacks on eCommerce platforms.

With sales beginning as early as October and extending through late December, the holiday shopping season represents a critical time for online retailers. The surge in activity not only drives substantial revenue but also attracts malicious actors targeting retailers at a time when they can least afford downtime or a security incident. As this crucial period approaches, retailers must prepare for a range of AI-driven threats, including bots, distributed denial of service (DDoS) attacks, API violations, and business logic abuse.

"While cybersecurity threats are a concern year-round, they become even more pronounced during the holiday shopping season, when retailers often experience record-breaking sales," says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. Cybercriminals recognize this and are using generative AI tools and LLMs to capitalize on the increased volume of digital transactions, limited-time promotions, and the gift cards and loyalty points stored in customer accounts.

In a recent 6-month analysis (April 2024 - September 2024), data from Imperva Threat Research reveals that, on average, retail sites collectively experience 569,884 AI-driven attacks each day. These attacks originate from AI tools like ChatGPT, Claude, and Gemini, alongside specialized bots that are designed to scrape websites for LLM training data. An analysis of these attacks shows that cybercriminals are primarily using the AI tools to carry out the following types of attacks.

Business Logic Abuse: The most common AI-driven attack (30.7%), business logic abuse involves exploiting the legitimate functionalities of an application or API to carry out malicious actions, such as manipulating prices, bypassing authentication, or abusing discount codes. AI enables attackers to automate these exploits at scale, making them harder to detect. To protect against these attacks, retailers should implement strict validation on all user inputs, employ anomaly detection systems to identify unusual activities, and regularly audit their business processes to identify functionalities that could be abused.

DDoS Attacks: Representing 30.6% of all AI-driven threats to retailers, DDoS attacks aim to overwhelm a website's resources, resulting in downtime that can lead to lost sales and reputational damage, especially during peak shopping periods. Cybercriminals are now leveraging AI to coordinate large botnets more efficiently, enhancing the effectiveness of these attacks. Retailers should invest in a DDoS protection solution that utilizes machine learning to identify and mitigate malicious traffic in real time, ensuring that legitimate customers are not impacted.

Bad Bot Attacks: Attacks from bad bots account for 20.8% of AI-driven threats targeting retailers. These automated threats engage in disruptive activities such as scraping pricing data, credential stuffing, and inventory hoarding (scalping). The infamous Grinch bot, in particular, is notorious for its inventory hoarding during the holiday shopping season, making it increasingly difficult for consumers to purchase high-demand items. With advancements in AI, operators can now create bots that convincingly mimic human behavior, allowing them to evade traditional security measures. To combat this threat, retailers should implement bot management solutions that utilize behavioral analytics to differentiate between genuine users and sophisticated bots.



API Violations: As eCommerce platforms increasingly expose APIs for mobile applications and third-party integrations, API violations are on the rise, accounting for 16.1% of AI-driven attacks on retailers. Cybercriminals exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or functionality. With the assistance of AI, attackers can quickly identify weak points in API implementations, making these threats particularly challenging to mitigate. To safeguard their APIs, retailers should enforce strict authentication and authorization protocols, implement rate limiting to prevent abuse, and regularly conduct comprehensive security assessments and penetration testing.

These AI-driven attacks pose significant risks not only for retailers but also for consumers. Cybercriminals are leveraging AI to conduct bot attacks, abuse business logic, and disrupt systems, putting sensitive personal information (including credit card details, addresses, and account information) at increased risk. Successful attacks can lead to identity theft, financial loss, and a loss of trust in eCommerce platforms, with fraudulent charges and unauthorized account access negatively affecting consumers' shopping experiences.

"In previous years, we've seen security threats like Grinch bots and DDoS attacks cause major disruptions during the holiday shopping season, affecting both retailers and consumers alike. Now, with the widespread availability of generative AI tools and LLMs, retailers are contending with a new wave of sophisticated cyberthreats," adds Singh. Without robust defenses, retailers risk facing a perfect storm of AI-driven attacks that could disrupt operations, compromise customer data, and tarnish their reputations during the most critical time of the year. To effectively mitigate these threats, retailers must adopt a comprehensive strategy that not only defends against these attacks but also allows them to respond swiftly without disrupting the shopping experience.

Additional Information:
LINK: https://www.thalesgroup.com/en/worldwide/digital-identity-and-security...