Akamai Technologies‘ report, ‘Entering through the Gift Shop: Attacks on Commerce‘, finds that commerce remains the most targeted for web attacks, accounting for more than 14 billion (34%) of observed hacking.

Retail remains the most targeted in the commerce sector, accounting for 62% of attacks.

As organisations increasingly rely on web applications to drive customer experience and online conversions, hackers can target design flaws or security gaps to abuse web-facing servers and applications.

GlobalData’s thematic analysis of the retail sector finds that the frequency of such cyberattacks has been increasing since 2020, with notable attacks on JD Sports and WHSmith reported in Q1 2023.

In addition, Akamai finds that the most common attack is local file inclusion (LFI). This involves attackers exploiting vulnerabilities in how a web server stores or controls access to its files.

Reportedly, a few years ago, the most common attack was against structured query language, which is programming used to manage databases. Akamai states that the move towards LFI indicates a trend towards remote code execution and hackers leveraging LFI vulnerabilities to gain a foothold for data exfiltration.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

What are the other key findings from the report?

  • Half of the JavaScript that the commerce vertical uses comes from third-party vendors. This introduces the increased threat of client-side attacks.
  • Attackers could also abuse security gaps in scripts, enabling a pathway for criminals to infiltrate bigger, lucrative targets in supply chains.
  • Akamai observed malicious bot requests surpassing 5tn events in 15 months, with assaults against commerce customers proliferating via credential stuffing attacks that can lead to fraud.
  • More than 30% of phishing campaigns targeted commerce brands in Q1 2023.

Akamai senior vice-president and general manager of application security Rupesh Chokshi comments: “The commerce sector is characterised by a complex ecosystem that leverages web applications and APIs to drive business. Cybersecurity leaders and practitioners must understand the critical threat trends impacting this industry.”