Bots Are Attacking Retail Sites On A Large Scale - Olmec Skip to main content

Bots Are Attacking Retail Sites On A Large Scale

By March 22, 2019May 19th, 2022Cybersecurity

If you own a retail business, an attack known as “credential stuffing” is the latest online threat to be concerned about.  If you’re not sure what that is, read on and prepare to be dismayed. According to the 2019 State of the Internet, Retail Attacks, and TPI Traffic Report published by Akamai, there has been an surge in large scale botnet attacks against businesses, with retail outlets being the hardest hit.

In fact, according to the report, between May and December of 2018, there were approximately 28 billion credential stuffing attempts made.  One of the web’s largest retail sites suffered over 115 million bot-driven login attempts in a single day.

A spokesman for Akamai had this to say about the report:

“The insidious AIO (all-in-one) bots hackers deploy which are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques, allowing a single AIO bot to have the ability to target more than 120 retailers at once.

A successful AIO campaign may go completely undetected by a retailer, which might see the online sales and record-setting transactions as proof its product is in demand.  They’ll have little to no indication that its inventory clearing was automated and used to fuel a secondary market or scrape information from its customers.”

In most cases, the damage caused by credential stuffing attacks is limited.  Customers whose accounts are compromised may find that they lose points or perks, and that unauthorized charges are made on their accounts. In some cases, a credential stuffing attack could lead to an attacker gaining a foothold inside your corporate network.  Also, large and pervasive attacks could strain web resources and have (on more than one occasion) crashed a web server.

Even in cases where your business isn’t directly impacted, an attack on your customers’ accounts is still an attack on you.  Unfortunately, with so many stolen credentials available on the Dark Web, it’s a notoriously difficult problem to come to grips with.  The best thing you can do is remain vigilant and maintain excellent communications with the customers you serve.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.