EMEA will be the most targeted region for web attacks against retailers in Q1 2023, surpassing North America, according to new research from Akamai.
In the research report, Intrusions from Gift Shops: Attacks on Commercefound that there were over 14 billion web attacks targeting the commerce sector worldwide in the first quarter of 2023. This means that this industry is the top industry for these forms of attack (34%). Akamai attributes this to the continued digitization of the space and the growing availability of APIs. Vulnerability.
Retail, a subcategory of commerce, experienced 62% of these attacks. Of these, about half (49%) targeted his EMEA region in Q1 2023. This compares to 42% in North America.
The report found Germany to be the “driving force” behind trends in Q1 2023, with 70.88% of attacks against EMEA retailers in Q1 2023 being targeted. Akamai researchers highlighted Germany’s public support for Ukraine likely for this factor.
A recent study by the Association of Technical Inspection Agencies (TUV) and the German Federal Office for Information Security (BSI) revealed that more than 1 in 10 German companies will fall victim to cyberattacks in 2022. This is also believed to be due to the country’s aid to Ukraine.
Risk to retailers
Richard Meeus, Director of Security Technology and Strategy EMEA at Akamai, said: Information security Retail is a particularly lucrative industry for threat actors, he said, due to “privileged access to sensitive data such as personally identifiable information and payment account details.”
“The retail industry is constantly changing, and even the bad guys know they need to respond to changing customer demands,” he added.
A surge in attacks against German retailers could happen in any country and could be seen as a harbinger of things to come, Mieus said.
In the November 2022 Infosecurity Magazine podcast, independent advisor and international speaker Naira Jones explains how changing consumer behavior and accompanying digitization strategies have increased cyber risk for retailers over the past few years. emphasized.
“During the pandemic, both consumers and businesses significantly increased their online activity, and previously non-digital activities suddenly became digital. It was a completely natural phenomenon,” she said.
This includes a much higher reliance on cloud technology, Jones added.
Mieus said that given the level of risk facing the retail industry, not only should security tools be improved, but cybersecurity regulations for the retail industry should also be strengthened.
“Compared to other verticals such as financial services and healthcare, we found e-commerce to be less heavily regulated despite requiring the same cybersecurity maturity level,” he said. . Information security.
common attack vectors
From January 2022 to March 2023, local file intrusion (LFI) was the most common web attack vector targeting retail in EMEA, accounting for 59% of attacks.
Overall, LFI attacks targeting commerce organizations surged 314% between Q3 2021 and Q3 2022. The researchers said this indicated the attackers were using her LFI vulnerability to gain a foothold and steal data.
When it comes to the broader EMEA commerce vertical, which includes retail and hospitality, web application and API attacks (51%) were by far the top attack vertical from January 2022 to March 2023.
API security will be an important part of Infosecurity Europe’s conference program next week.
The report also found that commerce organizations use significantly more third-party scripts (51%) than other verticals (31%). These third-party scripts create additional security risks by giving organizations little visibility into code development and testing and potential vulnerabilities.
Additionally, in Q1 2023, Akamai found that over 30% of phishing campaigns were launched against the commerce industry. This indicates that threat actors continue to target the shift to online shopping through social engineering campaigns.
Akamai will be exhibiting at Infosecurity Europe next week.
