The Aftermath of Black Friday and Cyber Monday - A Growing Threat to E-Commerce

New research about the growing financial impact of cybercrime during the holiday shopping season

Cybercriminals are targeting e-commerce businesses during the holiday shopping season with malicious automated attacks that could cost the industry $1.79 billion in December, according to new research from Cequence.

The report, titled “The Aftermath of Black Friday and Cyber Monday - A Growing Threat to E-Commerce,” highlights the expanding attack surface that cybercriminals are exploiting during peak shopping periods.

Drawing on billions of real transactions and attack data from Cequence’s Unified API Protection (UAP) platform, the report reveals that malicious bot attacks surged by 25% during Black Friday and Cyber Monday compared to the previous week. These attacks targeted a wide range of e-commerce applications, including product pages, shopping carts, and checkout flows.

The goal of these attacks was to automate fraudulent activities such as account takeover, credential stuffing, and web scraping, ultimately aiming to steal customer data, manipulate prices, and conduct large-scale fraud.

“Cybercriminals are seizing on the rapid growth of digital commerce, using increasingly sophisticated tactics to target both businesses and consumers,” said Randolph Barr, CISO at Cequence.

"This year's findings are part of a broader trend: as e-commerce continues to evolve, so too does the scale and complexity of cyber threats. These findings highlight the critical need for businesses to adopt robust API and bot management solutions to protect revenue, maintain customer trust, and stay competitive in an increasingly digital world.”

To navigate heightened cyber threats, Cequence advises businesses to take the following steps:

* Prioritize API security and bot management throughout the organization, ensuring close collaboration between IT, DevOps, and business teams.

* Leverage a multi-layered approach to defense, combining bot detection and blocking capabilities with fraud prevention and detection technologies.

* Continuously monitor e-commerce applications for suspicious activity, using real-time analytics and threat intelligence to identify and respond to emerging threats quickly.

* Block malicious bots at the network edge to prevent them from reaching e-commerce applications and minimize the impact of attacks.

* Use adaptive bot detection techniques to distinguish between good and bad bots and allow legitimate bots to access e-commerce applications without hindrance.

* Enforce rate limits and other access controls to prevent bots from overwhelming e-commerce applications with excessive requests and maintain optimal performance.

* Stay informed about the latest cyber threats and trends by subscribing to threat advisories and engaging with the broader cybersecurity community.

Cequence, a pioneer in API security and bot management, is the only solution that delivers Unified API Protection (UAP), uniting discovery, compliance, and protection across all internal, external, and third-party APIs to defend against attacks, targeted abuse, and fraud. The flexible deployment model supports SaaS, on-premises, and hybrid installations, and APIs can be onboarded in less than 15 minutes without requiring any app instrumentation, SDK, or JavaScript integration. Cequence solutions scale to handle the most demanding government, Fortune 500, and Global 500 organizations, securing more than 8 billion daily API interactions and protecting more than 3 billion user accounts. To learn more, visit www.cequence.ai.