Akamai Research: Commerce Remains Top Target With Over 14 Billion Web Application and API Attacks

Rhea-AI Summary

Akamai Technologies releases State of the Internet report highlighting attacks on the commerce sector, with retail being the most targeted subvertical.

Positive

• Retail remains the most targeted subvertical within commerce, accounting for 62 percent of attacks on the sector.
• Local File Inclusion (LFI) attacks increased by more than 300 percent between Q3 2021 and Q3 2022 and are now the most common attack vector used against the commerce sector.
• Over 30 percent of phishing campaigns targeted commerce brands in Q1 2023.

Negative

• None.

Retailers Targeted for 62 Percent of Commerce Attacks.

CAMBRIDGE, Ma., June 13, 2023 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, released a new State of the Internet report today that spotlights the increasing number and variety of attacks on the commerce sector. Entering through the Gift Shop: Attacks on Commerce finds that commerce remains the most targeted web attack vertical, accounting for over 14 billion (34 percent) of observed incursions.

As commerce organizations increasingly rely on web applications to drive customer experience and online conversions, adversaries target vulnerabilities, design flaws or security gaps to abuse web-facing servers and applications. Retail remains the most targeted subvertical within commerce, accounting for 62 percent of attacks on the sector. This impacts both organizations and consumers.

The new Akamai research also finds that Local File Inclusion (LFI) attacks - that involve attackers exploiting vulnerabilities in how a web server stores or controls access to its files - increased by more than 300 percent between Q3 2021 and Q3 2022 and are now the most common attack vector used against the commerce sector. Just a few years ago, SQL injection (SQLi) was the most common incursion. This indicates an attack trend toward remote code execution and hackers leveraging LFI vulnerabilities to gain a foothold for data exfiltration.

Other key findings of Entering through the Gift Shop: Attacks on Commerce include:

• Server-Side Request Forgery (SSRF), Server-Side Template Injection (SSTI), and Server-Side Code Injection (SSCI) have emerged as critical attack techniques to defend against and pose great threats to commerce organizations.
• Half of the JavaScript that the commerce vertical uses comes from third-party vendors, and this introduces the increased threat of client-side attacks like web skimming and Magecart attacks. It is critical to put mechanisms in place that detect these attacks to remain compliant with new PCI DSS 4.0 requirements.
• Attackers could also abuse security gaps in scripts, enabling a pathway for criminals to infiltrate bigger, lucrative targets in supply chains.
• Akamai observed malicious bot requests surpassing 5 trillion events in 15 months, with assaults against commerce customers proliferating via credential stuffing attacks that can lead to fraud.
• Over 30 percent of phishing campaigns targeted commerce brands in Q1 2023.
• Attacks in Europe, Middle East, Asia and Africa (EMEA) are heavily skewed toward the retail subvertical, which accounts for 96.5 percent of attacks vs 3.3 percent for hotel and travel.
• Commerce is the second most frequently targeted web attack vertical in Asia-Pacific and Japan (APJ) at over 20 percent.

"The commerce sector is characterized by a complex ecosystem that leverages web applications and APIs to drive business," said Rupesh Chokshi, Senior Vice President and General Manager, Application Security at Akamai. "Entering through the Gift Shop: Attacks on Commerce examines various attack types that commerce organizations and their customers face. We highlight elements such as web applications, bots, phishing and the use of third-party scripts to gauge what is happening in this sector and to help both cybersecurity leaders and practitioners understand the critical threat trends impacting this industry."

For additional information, the security community can access, engage with, and learn from Akamai's threat researchers by visiting the Akamai Security Hub and following the team on Twitter at @Akamai_Research.

About Akamai

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away. Learn more about Akamai's security, compute, and delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.

Contacts

Jim Lubinskas
Akamai Media Relations
703.907.9103
jlubinsk@akamai.com 

Tom Barth
Akamai Investor Relations
+1.617.274.7130
tbarth@akamai.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/akamai-research-commerce-remains-top-target-with-over-14-billion-web-application-and-api-attacks-301848444.html

SOURCE Akamai Technologies, Inc.

FAQ

What is the most targeted subvertical within commerce?

Retail is the most targeted subvertical within commerce, accounting for 62 percent of attacks on the sector.

What is the most common attack vector used against the commerce sector?

Local File Inclusion (LFI) attacks are now the most common attack vector used against the commerce sector, increasing by more than 300 percent between Q3 2021 and Q3 2022.

What percentage of phishing campaigns targeted commerce brands in Q1 2023?

Over 30 percent of phishing campaigns targeted commerce brands in Q1 2023.