Cybersecurity Cloud & Data

APJ commerce sector cyberattacks are rampant esp. retail, hotel & travel verticals

Commerce in the Asia Pacific-Japan (APJ) region is reeling from cyberattacks, exposing the vulnerability of these big entities in the most populated business regions of the globe that hold tons of data.

A study last year forecasted that merchant losses from online payment fraud will exceed US$362 billion globally between 2023 to 2028, with losses of US$91 billion alone in 2028. The reason, a rise in eCommerce transactions in emerging markets as merchants there are facing new threats, such as an increased use of AI for attacks.

Read more: Digital banking fraud: 55% of frauds in India were third-party account takeover frauds

Online payment fraud is where cybercriminals run false or illegal transactions online, with fraud strategies, such as phishing, business email compromise or account takeover.

According to a report by Akamai Technologies, Inc. (NASDAQ: AKAM), there is an increasing number and variety of attacks on the commerce sector. It found that in the APJ, over 1.15 billion web attacks were recorded in the commerce sector, across retail and hotel and travel verticals.

“As we approach the mid-year shopping and travel season, these insights around the commerce sector present a timely reminder that commerce organizations need to be on high alert to adapt to a myriad of methods used by attackers – from web applications and bots to phishing and the use of malicious third-party scripts,” explained Reuben Koh, Security Technology and Strategy Director (APJ), Akamai.

As we approach the mid-year shopping and travel season, these insights around the commerce sector present a timely reminder that commerce organizations need to be on high alert to adapt to a myriad of methods used by attackers – from web applications and bots to phishing and the use of malicious third-party scripts

Reuben Koh, Security Technology and Strategy Director (APJ), Akamai

“To stay ahead of attack attempts, commerce organizations should stay updated on the latest attack trends and constantly re-evaluate their security posture and controls. When considering specific cyber defense solutions, organizations need to make sure that the chosen solutions are adaptive enough to counter against the ever-changing threat landscape and minimize the risks posed by adversaries who are getting more sophisticated every day,” concluded Koh.

Globally, commerce remains the most targeted web attack vertical, accounting for over 14 billion (34%) of observed incursions, largely due to the industry’s continued digitalization and the attackers’ available selection of web application vulnerabilities to breach their intended targets.

The report also finds that Local File Inclusion (LFI) attacks increased 300% between Q3 2021 and Q3 2022 and are now the most common attack vector used against the commerce sector. Just a few years ago, SQL injection (SQLi) was the most common incursion. This indicates an attack trend toward remote code execution and hackers leveraging LFI vulnerabilities to gain a foothold for data exfiltration.

Attack vectors such as Server-Side Request Forgery (SSRF), Server-Side Template Injection (SSTI), and Server-Side Code Injection have also been gaining popularity. They pose a significant threat to commerce organizations and other verticals, preventing online sales and damaging a company’s reputation.

Retail: Most Targeted Subvertical

As commerce organizations increasingly rely on web applications to drive customer experience and online conversions, adversaries target vulnerabilities, design flaws or security gaps to abuse web-facing servers and applications. Globally, retail remains the most targeted subvertical within commerce, accounting for 62% of attacks on the sector.

The top web attack target areas in APJ for retail are India and China. Loyalty and rewards programs, in combination with a proliferation of shopping days across these areas, present attractive opportunities for cybercriminals to ply their trade.

Hotel & Travel

The hotel and travel subvertical also emerged as a particularly attractive target to attackers, with the bulk of all transactions conducted online, driven by Australia (63.72%), followed by India (22.44%).

APJ is the fastest-growing market for online travel bookings, expected to expand at a compound annual growth rate of 9.8% from 2022 to 2030. In addition to vulnerabilities in existing workflows and supply chains, these factors could be contributing to the jump in cybercrime in the region, and more specifically, attacks on this sub-vertical.

Read more: Enhancing security through technology: The future of safety measures

Akamai observed malicious bots targeting the APJ commerce vertical surpassing 765 billion in 15 months, contributed by the number and frequency of holiday shopping events throughout APJ and the growth in online travel booking.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda who also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard

Recent Posts

Disrupting Fintech: How product studios are transforming financial services

In the rapidly evolving financial technology landscape, innovative product studios are emerging as powerful catalysts…

2 days ago

Harnessing the power of AI: Preparing today’s workforce for tomorrow’s challenges

In an era defined by rapid technological advancement, Artificial Intelligence (AI) stands as a transformative…

2 days ago

Indian esports makes history at BRICS Esports Championship in Moscow

In a historic moment for Indian esports, Wasfi “YoshiKiller” Bilal secured a silver medal at…

3 days ago

Geek Appeal: New gadgets & apps on the block

The Tech Panda takes a look at recently launched gadgets & apps in the market.…

3 days ago

Ecosystem harkat: India’s Biotech & space tech, early stage tech startups & women entrepreneurs in blockchain

The Tech Panda takes a look at what’s buzzing in the startup ecosystem. The startup…

3 days ago

Harris vs. Trump: Forecasting Bitcoin’s Future in a Post-Election Economy

With just days until the outcome of the U.S. presidential race, Bitcoin enthusiasts across the…

4 days ago