UPDATED 09:00 EST / DECEMBER 13 2023

SECURITY

2023 Holiday Season API Report reveals spike in cyberthreats to retailers

A new report released today by application programming interface security company Cequence Security Inc. warns that retail fraud is up nearly 700% as cybercriminals exploit the holiday shopping season.

The report is based on anonymized traffic and attack data from billions of transactions from Cequence’s customer base, which includes Fortune 500 and Global 2000 companies. It found that threat actors are evolving tactics and opting for a more nuanced approach that spreads attacks across a broader timeframe to blend in with legitimate traffic and evade detection.

Key findings in the report include what is described as a “pre-holiday cyber onslaught,” with gift card fraud increasing by 110% in the second half of 2023, while scraping, loyalty card fraud and payment card fraud increased by an average of over 700% as attackers lay the groundwork for holiday sale attacks ahead of retailer security crackdowns.

The report found a rising threat of trust-building account takeovers, with account takeovers up a whopping 410 times for retailers in the second half of the period analyzed, September to November 2023. Also discovered was a surge of “automated line-jumpers,” a process that involves large numbers of products being added to carts via automated tooling to volumetrically flood systems, purchasing as many in-demand items as possible to corner the market and preventing sales to legitimate customers.

Across its entire customer base, Cequence detected malicious traffic from 719 million unique IP addresses and 325 million malicious login attempts from June to November 2023, highlighting the scale of the threat.

“The 2023 holiday season exposed a chilling reality: cybercriminals are employing increasingly sophisticated attack methods and meticulously planning months in advance to exploit vulnerabilities,” said William Glazier, director of threat research at Cequence. “This long-term approach allows them to target unprepared retailers and unsuspecting customers, particularly during peak shopping periods. This shift underscores the urgent need for heightened vigilance and proactive security measures throughout the year.”

Glazier added that to combat sophisticated threats targeting APIs, organizations must discover and catalog all APIs, ensure rigorous adherence to industry standards, and deploy advanced threat detection and mitigation tools to defend against attacks.

Image: DALL-E 3

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU