Increase in Account Takeover Attacks on E-Retail Amidst COVID-19

Masses of global citizens have been retreating to their homes and relying on online services to stock up their domiciles during the coronavirus pandemic, and it could be having an influence on cyberattacks against websites.


Researchers at application protection company PerimeterX have reported a two-month increase in account takeover attacks against online home goods retailers, and a rise in bot-fueled automated data scraping attacks against all e-commerce websites over the same time period. 


READ MORE: Malicious coronavirus map hides azorult info-stealing malware


In a new blog post authored by founder and CTO Ido Safruti, PerimeterX reports that “in recent days” nearly 80 percent of log-in attempts against home goods retailers were the result of ATOs. The company also notes that searches for toilet paper have increased by 1,400 percent since March 11. “We have even seen some sites experience larger spikes in single-day traffic during March than they saw during the last Cyber Monday…,” the report states.


Our hypothesis is that increased competition for business in key segments has fueled scraping growth as competitors seek to capture more online customers with deals and pricing offers. Scraping growth has been concentrated on hot items such as toilet paper, face masks and disinfectants.

- Ido Safruti, Founder and CTO, PerimeterX


PerimeterX believes that product hoarders are likely responsible for the scraping attacks.


READ MORE: Protecting against cybersecurity threats when working from home

Spotlight

Other News
Data Security

GuidePoint Security Announces Portfolio of Data Security Governance Services

GuidePoint Security | January 30, 2024

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the availability of its Data Security Governance services, which are designed to help customers address the challenges of unstructured data and data sprawl through a proven process and program to meet their unique needs. GuidePoint’s Data Security Governance services consist of policies, standards, and processes leveraging the newest technologies to meet organizations’ data governance goals in both on-prem and cloud environments. Once the right strategy is determined with the customer, GuidePoint Security consultants will review program requirements, assess current policies and controls, perform gap analysis, design and develop/enhance the program, recommend and implement supporting technologies, and create operational processes and metrics. “Whether an organization is just beginning to build their data security governance program or needs help assessing and improving an existing program, our team and service capabilities are built to meet them at their current maturity level,” said Scott Griswold, Practice Director - Security Governance Services, GuidePoint Security. “We work side by side with the customer to conduct the necessary data discovery in their environment and provide tailored recommendations for solutions and processes to ultimately build/improve upon the data security governance program.” GuidePoint’s Data Security Governance Services include: Sensitive Data Cataloging: For organizations just getting started in the process of protecting their sensitive data, GuidePoint offers Data Identification workshops to identify sensitive data types in the environment, including trade secrets, intellectual property, and sensitive business communications. Data Security Governance Program Assessment: For organizations with existing Data Security Governance or Data Protection programs, GuidePoint Security experts will assess the program to identify policy non-compliance, gaps in data protection requirements—whether legal, regulatory, contractual, or business—and program maturity levels. Data Security Governance Program Strategy Development: The GuidePoint team will work with an organization's key stakeholders to design a program strategy aligned with relevant requirements. The outputs of this effort include delivering ongoing sensitive data discovery, automated classification and labeling, the application of required sensitive data protections, restrictions on where sensitive data can be stored and sent, and data retention policy enforcement. Merger and Acquisition Data Identification: This offering provides the ability to identify sensitive data within an M&A target or recent acquisition (including locations, amounts, and access rights) and then perform penetration testing on the storage repositories where that sensitive data exists to determine the risk of data compromise. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at www.guidepointsecurity.com.

Read More