SECURITY
SECURITY
SECURITY
2023 Holiday Season API Report reveals spike in cyberthreats to retailers
A new report released today by application programming interface security company Cequence Security Inc. warns that retail fraud is up nearly 700% as cybercriminals exploit the holiday shopping season.
The report is based on anonymized traffic and attack data from billions of transactions from Cequence’s customer base, which includes Fortune 500 and Global 2000 companies. It found that threat actors are evolving tactics and opting for a more nuanced approach that spreads attacks across a broader timeframe to blend in with legitimate traffic and evade detection.
Key findings in the report include what is described as a “pre-holiday cyber onslaught,” with gift card fraud increasing by 110% in the second half of 2023, while scraping, loyalty card fraud and payment card fraud increased by an average of over 700% as attackers lay the groundwork for holiday sale attacks ahead of retailer security crackdowns.
The report found a rising threat of trust-building account takeovers, with account takeovers up a whopping 410 times for retailers in the second half of the period analyzed, September to November 2023. Also discovered was a surge of “automated line-jumpers,” a process that involves large numbers of products being added to carts via automated tooling to volumetrically flood systems, purchasing as many in-demand items as possible to corner the market and preventing sales to legitimate customers.
Across its entire customer base, Cequence detected malicious traffic from 719 million unique IP addresses and 325 million malicious login attempts from June to November 2023, highlighting the scale of the threat.
“The 2023 holiday season exposed a chilling reality: cybercriminals are employing increasingly sophisticated attack methods and meticulously planning months in advance to exploit vulnerabilities,” said William Glazier, director of threat research at Cequence. “This long-term approach allows them to target unprepared retailers and unsuspecting customers, particularly during peak shopping periods. This shift underscores the urgent need for heightened vigilance and proactive security measures throughout the year.”
Glazier added that to combat sophisticated threats targeting APIs, organizations must discover and catalog all APIs, ensure rigorous adherence to industry standards, and deploy advanced threat detection and mitigation tools to defend against attacks.
Image: DALL-E 3
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
