Increase in cyber attacks driven by online holiday shopping

Photo by Lewis Ngugi

Akamai Technologies, Inc. has released new data detailing the prevalence of malicious botnet attacks during the holiday season in Asia.

That data found a 15 per cent increase in cyberattacks in China over the Lunar New Year in February 2022, showing that cybercriminals are actively trying to take advantage of customers during high-traffic moments.

The uptick in attacks continues a trend that began with Singles Day, the Chinese eCommerce festival, in November 2021, during which botnet attacks tripled. Despite gradually declining after, attack traffic remained relatively high through the end of the year before peaking again with the buildup of retail traffic during the Lunar New Year.

This year, the Lunar New Year coincided with the start of the 2022 Winter Olympics in Beijing, further boosting online sales and making the period more attractive for attackers.

Malicious actors operate year-round, but the high volume of traffic during holiday periods allows them to mask their attacks more easily. Additionally, customers are more likely to update their online shopping profiles with up-to-date credit card information and credentials during this period, providing a more lucrative target for attackers.

As traffic increases, attackers increase the volume of their attacks which include scraping data, draining customer accounts, damaging site functionality and holding encrypted data ransom – at massive cost to a business.

“Holidays represent a huge opportunity for attackers thanks to increased online activity and security teams stretched thin,” said Dr Boaz Gelbord, Akamai’s Chief Security Officer.

“APAC presents a particularly enticing opportunity for successful cyberattacks because the sheer volume of traffic gives attackers the opportunity to gain foothold more easily and operate freely without timely mitigation.”

In Japan, Akamai research measured a 150 percent increase in malicious botnet activity in the Japanese retail sector around the Gregorian New Year in early January 2022. The attacks persisted for a number of weeks following the holiday in a nearly identical attack pattern to that observed in China.

While a similar surge occurs during the high-traffic seen at the end-of-year holidays in EMEA and the US – China and Japan present a particularly enticing opportunity for successful cyberattacks because of the sheer volume in traffic: Retailers and eCommerce here serve some of the largest populations in the world.

Akamai researchers monitored and analyzed underlying malicious botnets attack data throughout APAC during the holiday period, from late 2021 to early 2022.

Akamai tracks benign and malicious bots as a proportion of internet traffic year-round to uncover patterns in botnet activity that can provide security teams with actionable data to incorporate into their defense.