Nov 17 • Vipun Dasari

The Surge of AI-Driven Cyberthreats

With the availability of generative AI and large language models (LLMs), cybercriminals are leveraging these technologies to launch a new breed of attacks.


Rising AI-Driven Threats in Retail: How Cybercriminals Target E-commerce Platforms

The retail sector is facing unprecedented cybersecurity challenges, with over half a million AI-driven attacks per day disrupting operations, threatening customer data, and tarnishing brand reputations. In a recent six-month analysis, cybersecurity firm Imperva revealed that 569,884 AI-driven attacks hit retailers daily, highlighting the increasing sophistication of cybercriminal tactics powered by tools like ChatGPT, Claude, and Gemini. As we enter the peak holiday shopping season, retailers must brace themselves for this surge in AI-enhanced cyber threats that capitalize on the season’s high transaction volumes, limited-time offers, and customer accounts holding valuable loyalty points.

The Surge of AI-Driven Cyberthreats

With the availability of generative AI and large language models (LLMs), cybercriminals are leveraging these technologies to launch a new breed of attacks. Nanhi Singh, General Manager of Application Security explains, “Now, with the widespread availability of generative AI tools and LLMs, retailers are contending with a new wave of sophisticated cyberthreats.” This shift has introduced retailers to threats beyond traditional DDoS attacks and Grinch bots, with AI-driven threats becoming more complex and varied.

Top AI-Driven Threats to Retailers

Imperva’s analysis categorizes AI-driven attacks into several types, each presenting unique challenges to retail cybersecurity teams:

  1. Business Logic Abuse (30.7%)

    The most common AI-driven threat, business logic abuse, exploits legitimate application functionalities to conduct malicious actions like price manipulation, discount code abuse, or authentication bypass. These threats are particularly dangerous because they operate within the app’s expected functionality, making them harder to detect.

  2. Distributed Denial of Service (DDoS) Attacks (30.6%)

    DDoS attacks overwhelm retail sites by targeting their resources, causing disruptions in service. By using AI to coordinate larger, more efficient botnets, attackers amplify the power and impact of these DDoS attacks, potentially crippling e-commerce operations.

  3. Bad Bots (20.8%)

    Bad bots are automated programs that engage in disruptive activities, such as scraping pricing data, inventory hoarding (scalping), and credential stuffing. The infamous “Grinch bots” are notorious for hoarding in-demand items during holiday sales, making it nearly impossible for legitimate customers to make purchases. With AI advancements, these bots now mimic human behaviors more convincingly, evading traditional security measures.

  4. API Violations (16.1%)

    With more e-commerce platforms exposing APIs for mobile and third-party integrations, cybercriminals are exploiting API vulnerabilities to access sensitive data. AI helps attackers quickly identify and exploit weaknesses in API implementations, allowing for rapid infiltration of retail systems.

Proactive Security Measures for Retailers

To counteract these AI-driven threats, Singh emphasizes the need for a comprehensive security approach: “Retailers must adopt a comprehensive strategy that not only defends against these attacks but also allows them to respond swiftly without disrupting the shopping experience.” Here are some key measures:

  • Strict Authentication and Authorization Protocols for APIs: Enforcing robust authentication and authorization controls helps prevent unauthorized access to sensitive data.
  • Rate Limiting: Limiting the number of requests per user or IP can mitigate bot-driven attacks, particularly around pricing scraping and inventory hoarding.
  • Regular Security Assessments: Conducting frequent penetration testing and vulnerability assessments can help identify weaknesses before cybercriminals do.
  • Employee Training: Educating staff on identifying and reporting suspicious activities or vulnerabilities can add an additional layer of protection.

AI-Powered Security Solutions for Retail

Many retailers are also investing in AI-driven security solutions to combat these sophisticated threats. Machine learning models can identify and respond to suspicious behaviors in real time, allowing companies to protect their digital assets while ensuring a seamless shopping experience for legitimate customers. Additionally, AI-based threat detection tools can assist in uncovering the evolving tactics cybercriminals employ, improving the effectiveness of existing security systems.

Conclusion: Safeguarding Retail from AI-Driven Cyberthreats

The retail industry faces an uphill battle as AI-driven cyberthreats continue to evolve. By implementing proactive security measures, including securing APIs, using AI-driven detection systems, and educating employees on cyber best practices, retailers can better protect themselves. As holiday shopping intensifies, having robust cybersecurity defenses will be critical to maintaining customer trust and a seamless shopping experience.

For a deeper dive into protecting retail operations against cyberattacks, check out our related guide to preventing DDoS attacks and stay updated on cybersecurity best practices to safeguard your business from the ever-evolving threat landscape.