Need cloud computing? Get started now

PRESS RELEASE

Akamai Research: Commerce Remains Top Target With Over 14 Billion Web Application and API Attacks

Retailers targeted for 62 percent of commerce attacks

Cambridge, MA USA | June 13, 2023

Share

Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today released a new State of the Internet report that spotlights the increasing number and variety of attacks on the commerce sector. Entering through the Gift Shop: Attacks on Commerce finds that commerce remains the most targeted web attack vertical, accounting for over 14 billion (34 percent) of observed incursions.

As commerce organizations increasingly rely on web applications to drive customer experience and online conversions, adversaries target vulnerabilities, design flaws or security gaps to abuse web-facing servers and applications. Retail remains the most targeted subvertical within commerce, accounting for 62 percent of attacks on the sector. This impacts both organizations and consumers.

The new Akamai research also finds that Local File Inclusion (LFI) attacks - that involve attackers exploiting vulnerabilities in how a web server stores or controls access to its files - increased by more than 300 percent between Q3 2021 and Q3 2022 and are now the most common attack vector used against the commerce sector. Just a few years ago, SQL injection (SQLi) was the most common incursion. This indicates an attack trend toward remote code execution and hackers leveraging LFI vulnerabilities to gain a foothold for data exfiltration.

Other key findings of Entering through the Gift Shop: Attacks on Commerce include:

  • Server-Side Request Forgery (SSRF), Server-Side Template Injection (SSTI), and Server-Side Code Injection (SSCI) have emerged as critical attack techniques to defend against and pose great threats to commerce organizations.
  • Half of the JavaScript that the commerce vertical uses comes from third-party vendors, and this introduces the increased threat of client-side attacks like web skimming and Magecart attacks. It is critical to put mechanisms in place that detect these attacks to remain compliant with new PCI DSS 4.0 requirements.
  • Attackers could also abuse security gaps in scripts, enabling a pathway for criminals to infiltrate bigger, lucrative targets in supply chains.
  • Akamai observed malicious bot requests surpassing 5 trillion events in 15 months, with assaults against commerce customers proliferating via credential stuffing attacks that can lead to fraud.
  • Over 30 percent of phishing campaigns targeted commerce brands in Q1 2023.
  • Attacks in Europe, Middle East, Asia and Africa (EMEA) are heavily skewed toward the retail subvertical, which accounts for 96.5 percent of attacks vs 3.3 percent for hotel and travel.
  • Commerce is the second most frequently targeted web attack vertical in Asia-Pacific and Japan (APJ) at over 20 percent.

“The commerce sector is characterized by a complex ecosystem that leverages web applications and APIs to drive business,” said Rupesh Chokshi, Senior Vice President and General Manager, Application Security at Akamai. “Entering through the Gift Shop: Attacks on Commerce examines various attack types that commerce organizations and their customers face. We highlight elements such as web applications, bots, phishing and the use of third-party scripts to gauge what is happening in this sector and to help both cybersecurity leaders and practitioners understand the critical threat trends impacting this industry.”

For additional information, the security community can access, engage with, and learn from Akamai’s threat researchers by visiting the Akamai Security Hub and following the team on Twitter at @Akamai_Research.

About Akamai

Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense-in-depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.