Retail has emerged the most targeted segment by hackers, suggests a new research study. Hackers directed credential abuse attempts at retail sites more than 10 billion times from May to December last year, making retail the most targeted segment studied, shows a study by the Akamai 2019 State of the Internet/Security: Retail Attacks and API Traffic.
The reasons are that these items can be resold quickly and at the same time hackers get a premium amount on the similar items.
The report also spotlights two other pressing security concerns, the preponderance of API-call traffic on the Web and the apparent misrepresentation of IPv6-based traffic.
“Retailers remain on the front lines, because stolen merchandise sells quickly and at a premium rate. And for that reason, the data shows apparel sites are targeted the most,” said Martin McKeay, Security Researcher and Editorial Director of the report.
The company studied the credential abuse technique known as credential stuffing, where hackers systematically use botnets to try stolen login information across the Web.
They target login pages for banks and retailers on the premise that many customers use the same login credentials for multiple services and accounts. Interest in retail is driven by the value of merchandise, which hackers acquire through compromised accounts and then frequently resell.
The insidious All-In-One (AIO) bots that hackers deploy are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques, the report said. A single AIO bot can target more than 120 retailers at once.