Akamai Technologies recently released a new State of the Internet report that spotlights the increasing number and variety of attacks on the commerce sector. The report, “Entering through the Gift Shop: Attacks on Commerce,” finds that commerce remains the most targeted web attack vertical, accounting for over 14 billion (34 percent) of observed incursions.
As commerce organizations increasingly rely on web applications to drive customer experience and online conversions, adversaries target vulnerabilities, design flaws or security gaps to abuse web-facing servers and applications. Retail remains the most targeted subvertical within commerce, accounting for 62 percent of attacks on the sector. This impacts both organizations and consumers.
The new Akamai research also finds that Local File Inclusion (LFI) attacks, in which attackers exploit vulnerabilities in how a web server stores or controls access to its files, increased by more than 300 percent between Q3 2021 and Q3 2022 and are now the most common attack vector used against the commerce sector. Just a few years ago, SQL injection (SQLi) was the most common incursion. This indicates an attack trend toward remote code execution, with hackers leveraging LFI vulnerabilities to gain a foothold for data exfiltration.
“The commerce sector is characterized by a complex ecosystem that leverages web applications and APIs to drive business,” said Rupesh Chokshi, Senior Vice President and General Manager, Application Security at Akamai. “Entering through the Gift Shop: Attacks on Commerce examines various attack types that commerce organizations and their customers face. We highlight elements such as web applications, bots, phishing and the use of third-party scripts to gauge what is happening in this sector and to help both cybersecurity leaders and practitioners understand the critical threat trends impacting this industry.”