Cequence Research Reveals Businesses Could Face Average Potential Losses of USD $2.58 Million per Hour Throughout December Due to Malicious Bot Traffic and Fraud Attempts

The report, based on data from Cequence's Unified API Protection (UAP) platform, highlights how cybercriminals exploit the increasing attack surfaces during peak shopping periods such as Black Friday and Cyber Monday.

Cybercriminals are targeting businesses with an average of $2.58 million in potential losses every hour throughout December due to malicious bot traffic and fraud attempts, according to new research from Cequence.

The report, which is based on data from Cequence’s Unified API Protection (UAP) platform, highlights how cybercriminals are exploiting the increasing attack surfaces during peak shopping periods such as Black Friday and Cyber Monday.

Findings from the study show a significant rise in e-commerce transactions, which doubled from 5.1 billion in 2023 to 10.4 billion in 2024. Of these transactions, 34.62% were flagged as malicious, reflecting a 138.57% increase from the previous year.

Over an 11-day period from Black Friday to Cyber Monday, the report identifies potential losses from cybercrime amounting to USD $681.12 million, with projections for December 2024 estimating losses averaging USD $2.58 million per hour, totalling USD $1.79 billion.

There was also a marked increase in sophisticated attack techniques, such as credential stuffing, SMS pumping, and token farming, which rose by 700% year-over-year.

In one real-world example, a major e-commerce company was able to use Cequence’s bot and API protection capabilities to thwart an SMS pumping attack—which could have cost the company $3,000 every four hours—by blocking fraudulent account creation and preventing further financial losses.

Cequence also reported handling a 125% surge in traffic on Black Friday, during which it blocked 11.5 million malicious attempts while maintaining seamless customer experiences.

The research highlights the challenge for businesses in defending against high-volume, sophisticated attacks, as evidenced by the 72.6% increase in mitigated malicious traffic from 2023 to 2024.

“Cybercriminals are seizing on the rapid growth of digital commerce, using increasingly sophisticated tactics to target both businesses and consumers,” said Randolph Barr, Chief Information Security Officer at Cequence. “This year’s findings are part of a broader trend: as e-commerce continues to evolve, so too does the scale and complexity of cyber threats. These findings highlight the critical need for businesses to adopt robust API and bot management solutions to protect revenue, maintain customer trust, and stay competitive in an increasingly digital world.”

The research includes several recommendations for businesses to mitigate the risk of cybercrime during peak periods, such as enhancing incident readiness with regular security drills, mapping the attack surface to eliminate exploitable blind spots, and aligning security measures with business objectives to simultaneously protect and enhance user experiences.

Cequence also advises deploying multi-layered security strategies, monitoring anomalous behaviour, strengthening access controls, investing in real-time threat management, and optimising systems for high-traffic events like Black Friday for improved security during peak periods.