As the holiday shopping season approaches, retailers are bracing for the annual surge in online (and in-store) traffic. Unfortunately, this uptick in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain. With more consumers shopping online than ever before, retailers must be prepared for the growing threat landscape that comes with the busy season.

Imperva, a Thales company, recently published its annual Holiday Shopping Cybersecurity Guide, highlighting key trends in cyber threats and offering tips to help retailers protect themselves and their customers. According to data from Imperva’s Threat Research team, who analyzed six months of data from April to September 2024, AI-driven cyberattacks are becoming a central concern for eCommerce businesses this year. As generative AI tools and large language models (LLMs) become more advanced, cybercriminals are increasingly using these technologies to scale and refine their attacks on retail platforms.

Imperva’s research also revealed some alarming statistics: retail sites experience an average of 569,884 AI-driven attacks every day. The nature of these attacks is evolving, and understanding which threats are most prevalent—and how to defend against them—will be crucial for businesses this holiday season. Below, we break down the key threats and offer advice on how retailers can mitigate the risks.

1. Business Logic Abuse: AI-Driven Exploits of Retail Functions

Business logic abuse is the most common type of AI-driven attack on retail sites, accounting for 30.7% of all attacks. This occurs when cybercriminals exploit the intended functionality of a website or application to achieve unauthorized outcomes. For example, an attacker might manipulate promotional codes, exploit return policies, or bypass payment systems to obtain goods at a lower price than intended.

Business logic abuse is particularly dangerous because it targets vulnerabilities in the core business processes of retailers, often bypassing traditional security measures. Imperva found that nearly 50% of retailers have experienced some form of business logic abuse. The real threat lies in AI’s ability to rapidly analyze user behavior patterns and identify weaknesses. Attackers can use AI to scale these abuses, making them harder to detect and stop.

What Can Retailers Do?

• Implement stronger validation checks on user inputs, especially for promotional codes and return policies.
• Use anomaly detection tools to identify suspicious patterns or actions that deviate from normal behavior.
• Regularly audit business processes and user flows to uncover vulnerabilities that might be exploited.

2. DDoS Attacks: Disrupting Retail Operations

Distributed Denial-of-Service (DDoS) attacks remain a persistent threat, representing 30.6% of AI-driven attacks on retail websites. These attacks involve overwhelming a website’s servers or network with traffic, causing the site to crash or become unavailable to legitimate users. In recent years, the rise of AI-driven DDoS attacks has made these threats more sophisticated and harder to mitigate.

Imperva’s 2024 DDoS Threat Landscape report highlights a troubling trend: application-layer DDoS attacks on retail sites increased by 61% from the previous year. These attacks are especially damaging during the busy holiday season when online traffic spikes, potentially causing significant downtime and lost sales.

What Can Retailers Do?

• Invest in DDoS protection solutions that use machine learning to identify and mitigate malicious traffic in real time.
• Implement web application firewalls (WAFs) that can filter out bad traffic while allowing legitimate users through.
• Scale infrastructure in advance to accommodate traffic surges and ensure website availability during peak shopping times.

3. Grinch Bots: The Scalping Threat to Retailers

Bad bots—automated scripts used by cybercriminals to scrape data, conduct credential stuffing attacks, and even purchase limited-edition products for resale—have become increasingly sophisticated. Around 20.8% of AI-driven attacks on retail sites are attributed to malicious bots, with Grinch bots becoming a major concern during the holiday season.

Grinch bots are designed to scoop up high-demand products, such as limited-edition toys, electronics, and collectibles, and then resell them at inflated prices. This not only frustrates consumers but can also lead to inventory issues and lost revenue for retailers.

What Can Retailers Do?

• Implement robust bot management strategies to differentiate between legitimate shoppers and malicious bots.
• Use CAPTCHA tests, rate limiting, and IP blocking to prevent bots from gaining access.
• Deploy advanced bot detection systems that can analyze user behavior to identify patterns typical of automated attacks.

4. API Violations: A Growing Attack Surface

Retailers increasingly rely on APIs to connect their online storefronts to third-party services, process transactions, and integrate with external systems. Unfortunately, this dependency has led to a rise in API violations, which now account for 16.1% of AI-driven attacks on retailers. Cybercriminals can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or manipulate transactions.

In fact, retail businesses face an average of 5,570 API attacks daily, with many of these attacks targeting authentication weaknesses or insecure endpoints. If left unaddressed, API violations can lead to data breaches, financial fraud, and a loss of customer trust.

What Can Retailers Do?

• Regularly audit and monitor API usage for abnormal behavior and signs of malicious activity.
• Use secure authentication mechanisms like OAuth and API keys to restrict access to sensitive data.
• Apply rate-limiting controls and IP-based restrictions to minimize the risk of API abuse.

Cybersecurity Tips for Retailers: How to Stay Safe This Holiday Season

The holiday shopping season represents a double-edged sword for retailers: a chance to capitalize on increased consumer spending, but also a period of heightened risk for cyber threats. With the rise of AI-driven attacks, retailers need to implement robust security strategies to protect their websites and customers. Here are some essential cybersecurity tips:

1. Prepare for Increased Online Traffic
   Retailers must ensure their websites and infrastructure are ready for the surge in traffic that comes with the holiday season. This includes scaling servers, using content delivery networks (CDNs) to improve site performance, and implementing queuing systems to manage peak traffic times.

2. Develop a Bot Management Strategy
   Malicious bots will increase during the holiday season, so a proactive bot management strategy is essential. Retailers should analyze traffic patterns, identify entry points for bots, and implement systems to block malicious traffic without affecting legitimate users.

3. Defend Against Business Logic Abuse
   AI allows attackers to automate business logic abuse, making these attacks harder to detect. Retailers should implement stringent validation controls, deploy anomaly detection systems, and regularly review business processes for potential exploits.

4. Invest in DDoS Protection
   DDoS attacks can overwhelm websites, causing downtime and lost sales. Retailers should invest in advanced DDoS mitigation solutions that can identify and neutralize malicious traffic in real time.

5. Secure APIs
   As APIs become a key attack vector, retailers must prioritize API security. This includes enforcing access controls, applying rate-limiting, and maintaining an audit trail to monitor for suspicious activity.

As AI-driven threats become more prevalent, retail businesses must stay ahead of evolving cybercriminal tactics. By understanding the risks—such as business logic abuse, DDoS attacks, Grinch bots, and API violations—and taking proactive measures to secure their platforms, retailers can protect their operations and ensure a smooth, secure shopping experience for customers this holiday season.

Investing in advanced cybersecurity solutions and maintaining vigilance throughout the peak season will go a long way toward mitigating these risks and protecting both the business and its customers from cyber threats. By preparing for the worst and adopting best practices, retailers can keep their sites secure and maximize the opportunity presented by the holiday shopping rush.