With the share of online sales from personal computers, smartphones or tablets growing every year, cybercrime activities targeting these transactions are also increasing.
Security firm Imperva said that this year’s Imperva Web Application Attack Report (WAAR #5) indicated that retail web applications suffer twice as many SQL injections as other web applications. The top three attack types were SQL injection, Directory Traversal and Cross-Site Scripting.
Imperva said there is a reason why cybercriminals are also in a shopping frenzy.
“The unusual motivation may stem from their desire to participate in the [seasonal] shopping fest. However, the most appealing hypothesis we’ve found for the secret motivation factor is belief; attackers believe that retail applications are more vulnerable during this time of the year, and that attacks are more likely to succeed,” Imperva said.
There could be two potential explanations for this. One is that, to win the heart of the consumer, many online retailers come up with new campaigns and special sales, which usually translate into new pages in their web application. These pages may present many vulnerabilities, such as bad design, unsafe coding and usage of insecure third-party libraries.
The other is that, during this season, retailers are more reluctant to impose strict security measures as they may annoy users.
“Whatever the reasons may be, with the hope for increased income during the holiday season, retail application providers should make sure to be prepared for a wave of cyber-attacks,” Imperva said.