
Cequence, a leader in API security and bot management, has unveiled troubling data indicating a 96% increase in attack traffic targeting retailers during the Labor Day weekend.
“While these measures should be a priority year-round, now is the time for retailers to get ahead of threat actors as peak shopping periods quickly approach,” stated a company representative.
This data, developed by Cequence’s CQ Prime threat research team, is derived from real, anonymized traffic and attack data from their retail clientele, including Fortune 500 and Global 2000 companies, sampled from billions of transactions. The findings reveal a notable rise in malicious activity over the holiday weekend.
Key Findings:
- Retailers Under Siege: There was a 96% surge in attack traffic compared to the previous year.
- Bot Activity Increases: Retailers experienced a 79% rise in blocked bot traffic year-over-year.
- Account Takeovers on the Rise: Cequence blocked over 26.69 million account takeovers (ATOs) during the Labor Day sales period.
- Significant Malicious Traffic: One major retailer reported a staggering 435% increase in blocked bot traffic during a summer sales event, with malicious traffic rising by an astonishing 2,724% compared to normal levels.
- Potential Losses: Retailers could face losses of $60,000 per hour without adequate bot and API protection, particularly during high-traffic periods like holiday weekends.
- Spike in API Calls: Since the launch of the iPhone 16 in early September, Cequence has managed over 6.7 billion API calls for eight top telecommunications companies, with 37% identified as malicious.
William Glazier, Director of Threat Research at Cequence, emphasized, “During holiday seasons, retailers often face a perfect storm of increased vulnerability. Reduced staffing and a surge in online activity create a prime opportunity for cybercriminals. Without robust bot and API protection, retailers risk significant financial losses.”
Recommendations for Retailers:
- Practice Regularly: Review policies and run drills tailored to organizational risks, considering all perspectives.
- Know Your Assets: Keep an updated inventory of public-facing applications and APIs to prevent attacks on overlooked endpoints.
- Align with Business Goals: Focus on optimizing performance and user experience through secure validation methods.
- Leverage Security Systems: Implement multi-factor authentication and monitor systems for unusual activity during peak times.
- Monitor User Activity: Identify anomalies in login patterns that may indicate attempts at account takeover.
“Our research makes it clear that retailers are prime targets for cybercriminals, making immediate action imperative,” Glazier added. “Now is the time for retailers to get ahead of threat actors as peak shopping periods approach.”
Additional Resources:
- Download the infographic to explore challenges retailers face during holiday shopping spikes.
- Learn more about Cequence’s Unified API Protection platform.
- Follow Cequence on LinkedIn and X.
About Cequence Security:
Cequence is a pioneer in API security and bot management, offering Unified API Protection (UAP) to defend against attacks and fraud across all internal, external, and third-party APIs. The solution is flexible, supporting SaaS, on-premises, and hybrid installations, and allows for API onboarding in less than 15 minutes without requiring app instrumentation. Cequence secures over 8 billion daily API interactions and protects more than 3 billion user accounts.