CIO Influence
Analytics Bots/Intelligent Assistants CIO Influence News Security

Retail Fraud Jumps 96 Percent YoY This Labor Day, Sparking Holiday Shopping Concerns

Retail Fraud Jumps 96% YoY This Labor Day, Sparking Holiday Shopping Concerns

CQ Prime threat research finds retailers could lose up to $60,000 an hour without proper API and bot protection

Cequence, a pioneer in API security and bot management, today released alarming new data revealing a 96% surge in attack traffic targeting retailers during the Labor Day weekend.

Also Read: AI, Financial Crime, and the Battle for Control: Who’s Winning the Arms Race?

“Our research makes it clear that retailers are prime targets for cybercriminals, making immediate action not just important, but imperative”

Post this

Developed by the CQ Prime threat research team, the data is based on real, anonymized traffic and attack data from Cequence’s retail customer base, comprised of Fortune 500 and Global 2000 companies, and sampled from billions of transactions. Cequence’s threat researchers observed significant increases in malicious activity targeting retailers over the holiday weekend.

Key findings include:

  • Retailers Under Siege Labor Day Weekend: The retail vertical saw a 96% surge in attack traffic over Labor Day weekend as compared to last year.
  • Bots Up Their Game for the Holidays: Retailers faced a 79% surge in blocked bot traffic as compared to last year.
  • Cybercriminals Target Retailers with Account Takeovers: Cequence blocked over 26.69 million account takeovers (ATOs) during the Labor Day sales period.
  • Attack Traffic Soars for Major Retailer: During a recent summer sales event, a notable retailer witnessed a blocked bot traffic surge of 435% compared to normal levels. The volume of malicious traffic experienced a staggering 2,724% increase from normal levels, indicating a significant surge in malicious activity during the major sales event.
  • Cybersecurity Gaps Prove Costly for Retailers: Retailers could lose $60,000 every hour without proper bot and API protection, especially during high-traffic periods like holiday weekends.
  • Latest iPhone Drives Spike in API Calls: Since the iPhone 16’s launch in early September, Cequence has managed over 6.7 billion API calls for eight of the world’s top telecommunications companies. Notably, 37% of this traffic was malicious.

Also Read: Liquid Infrastructure Launches as the World’s First Tokenized Telecom Asset Platform

“During holiday seasons, retailers often face a perfect storm of increased vulnerability,” said William Glazier, Director of Threat Research at Cequence. “Reduced staffing levels, coupled with the surge in online activity driven by sales and promotions, create a prime opportunity for cybercriminals to exploit. Retailers risk significant financial losses due to fraudulent activities without robust bot and API protection.”

To mitigate these threats, Cequence recommends that retail businesses take the following steps:

  • Practice, Practice, Practice: Regularly review policies and procedures, and run practice drills tailored to an organization’s unique risks. Consider perspectives from the company, customers and potential attackers.
  • Know What to Protect: Maintain a detailed and up-to-date inventory of public-facing applications and associated APIs, as many attacks succeed due to overlooked or unknown endpoints.
  • Prioritize Business Goals: Focus on what drives success for the business. If speed is key, optimize performance; if user experience matters, ensure secure and fast user validation using methods like canary headers and known IPs.
  • Leverage Security Systems: Implement multi-factor authentication and monitor systems for unusual activity, especially during peak times.
  • Monitor User Activity: Track login patterns to identify anomalies, such as a user logging in 50 times in an hour from various global IP addresses, which could indicate an account takeover attempt.

“Our research makes it clear that retailers are prime targets for cybercriminals, making immediate action not just important, but imperative,” Glazier said. “While these measures should be a priority year-round, now is the time for retailers to get ahead of threat actors as peak shopping periods quickly approach.”

Additional Resources:

  • Download the infographic to learn more about the challenges retailers face during holiday shopping spikes.
  • Learn more about our Unified API Protection platform.
  • Follow us on LinkedIn and X

[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]

Related posts

Pythian Adds Security Assessment to its Managed Google Workspace Administrative Services

CIO Influence News Desk

Hornetsecurity Elevates Email Security and Deliverability for Administrators and CISOs with DMARC Manager

PR Newswire

Auvik Report Finds that Post-pandemic IT Networks are Less Complex and More Agile than Ever Before

CIO Influence News Desk