News

|

Feeds

|

Email

Retailers Targeted for 62 Percent of Commerce Attacks.

CAMBRIDGE, Ma., June 13, 2023 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, released a new State of the Internet report today that spotlights the increasing number and variety of attacks on the commerce sector. Entering through the Gift Shop: Attacks on Commerce finds that commerce remains the most targeted web attack vertical, accounting for over 14 billion (34 percent) of observed incursions.

As commerce organizations increasingly rely on web applications to drive customer experience and online conversions, adversaries target vulnerabilities, design flaws or security gaps to abuse web-facing servers and applications. Retail remains the most targeted subvertical within commerce, accounting for 62 percent of attacks on the sector. This impacts both organizations and consumers.

The new Akamai research also finds that Local File Inclusion (LFI) attacks - that involve attackers exploiting vulnerabilities in how a web server stores or controls access to its files - increased by more than 300 percent between Q3 2021 and Q3 2022 and are now the most common attack vector used against the commerce sector. Just a few years ago, SQL injection (SQLi) was the most common incursion. This indicates an attack trend toward remote code execution and hackers leveraging LFI vulnerabilities to gain a foothold for data exfiltration.

Other key findings of Entering through the Gift Shop: Attacks on Commerce include:

    --  Server-Side Request Forgery (SSRF), Server-Side Template Injection
        (SSTI), and Server-Side Code Injection (SSCI) have emerged as critical
        attack techniques to defend against and pose great threats to commerce
        organizations.
    --  Half of the JavaScript that the commerce vertical uses comes from
        third-party vendors, and this introduces the increased threat of
        client-side attacks like web skimming and Magecart attacks. It is
        critical to put mechanisms in place that detect these attacks to remain
        compliant with new PCI DSS 4.0 requirements.
    --  Attackers could also abuse security gaps in scripts, enabling a pathway
        for criminals to infiltrate bigger, lucrative targets in supply chains.
    --  Akamai observed malicious bot requests surpassing 5 trillion events in
        15 months, with assaults against commerce customers proliferating via
        credential stuffing attacks that can lead to fraud.
    --  Over 30 percent of phishing campaigns targeted commerce brands in Q1
        2023.
    --  Attacks in Europe, Middle East, Asia and Africa (EMEA) are heavily
        skewed toward the retail subvertical, which accounts for 96.5 percent of
        attacks vs 3.3 percent for hotel and travel.
    --  Commerce is the second most frequently targeted web attack vertical in
        Asia-Pacific and Japan (APJ) at over 20 percent.

"The commerce sector is characterized by a complex ecosystem that leverages web applications and APIs to drive business," said Rupesh Chokshi, Senior Vice President and General Manager, Application Security at Akamai. "Entering through the Gift Shop: Attacks on Commerce examines various attack types that commerce organizations and their customers face. We highlight elements such as web applications, bots, phishing and the use of third-party scripts to gauge what is happening in this sector and to help both cybersecurity leaders and practitioners understand the critical threat trends impacting this industry."

For additional information, the security community can access, engage with, and learn from Akamai's threat researchers by visiting the Akamai Security Hub and following the team on Twitter at @Akamai_Research.

About Akamai

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences -- helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away. Learn more about Akamai's security, compute, and delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.

Contacts

Jim Lubinskas
Akamai Media Relations
703.907.9103
jlubinsk@akamai.com

Tom Barth
Akamai Investor Relations
+1.617.274.7130
tbarth@akamai.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/akamai-research-commerce-remains-top-target-with-over-14-billion-web-application-and-api-attacks-301848444.html

SOURCE Akamai Technologies, Inc.

Email

|

Slashdot

|

Digg

|

Del.icio.us

|

Feeds

RELATED NEWS ARTICLES

New Report Names States Most Vulnerable to Holiday Scams | Jan 22, 2026 Identiv Completes Thailand Manufacturing Transition, Unlocking Next-Generation Multicomponent Manufacturing for Advanced IoT Solutions | Jan 22, 2026 Truvista Fiber Acquires SlyTel | Jan 22, 2026 Android Mobile Adware Surges in Second Half of 2025 | Jan 22, 2026 Breakthrough Progress: METiS TechBio Publishes Consecutive Research Findings in Nature Communications and the Journal for ImmunoTherapy of Cancer | Jan 22, 2026 Guardz 2025 SMB Cybersecurity Report: Nearly 50% of U.S. Small Businesses Have Been Hit by Cyber Attack | Jan 22, 2026 Healthcare Industry Executives are Likely to be Personal Targets of Cybercrime | Jan 22, 2026 pgEdge Announces pgEdge Agentic AI Toolkit for Postgres | Jan 22, 2026 LG ELECTRONICS INTRODUCES 2026 LG GRAM LINEUP ELEVATED BY AEROMINUM | Jan 22, 2026 Global Cyber Alliance Identifies Five Cybersecurity Forces That Defined 2025 - And Will Shape 2026 | Jan 22, 2026