黑色星期五和網路星期一的後果—電子商務面臨的威脅日益嚴重

關於假日購物季網路犯罪日益增長的財務影響的新研究

Cybercriminals are targeting e-commerce businesses during the holiday shopping season with malicious automated attacks that could cost the industry $1.79 billion in December, according to new research from Cequence.

根據 Cequence 的最新研究，網路犯罪分子在假期購物季期間針對電子商務企業進行惡意自動攻擊，這可能導致該行業在 12 月損失 17.9 億美元。

The report, titled “The Aftermath of Black Friday and Cyber Monday - A Growing Threat to E-Commerce,” highlights the expanding attack surface that cybercriminals are exploiting during peak shopping periods.

該報告題為“黑色星期五和網路星期一的後果 - 對電子商務的日益增長的威脅”，強調了網路犯罪分子在購物高峰期利用的不斷擴大的攻擊面。

Drawing on billions of real transactions and attack data from Cequence’s Unified API Protection (UAP) platform, the report reveals that malicious bot attacks surged by 25% during Black Friday and Cyber Monday compared to the previous week. These attacks targeted a wide range of e-commerce applications, including product pages, shopping carts, and checkout flows.

該報告利用 Cequence 統一 API 保護 (UAP) 平台的數十億真實交易和攻擊數據顯示，黑色星期五和網路星期一期間的惡意機器人攻擊較前一周激增 25%。這些攻擊針對廣泛的電子商務應用程序，包括產品頁面、購物車和結帳流程。

The goal of these attacks was to automate fraudulent activities such as account takeover, credential stuffing, and web scraping, ultimately aiming to steal customer data, manipulate prices, and conduct large-scale fraud.

這些攻擊的目標是自動執行帳戶接管、撞擊庫和網路抓取等詐欺活動，最終目的是竊取客戶資料、操縱價格並進行大規模詐欺。

“Cybercriminals are seizing on the rapid growth of digital commerce, using increasingly sophisticated tactics to target both businesses and consumers,” said Randolph Barr, CISO at Cequence.

Cequence 首席資訊安全長 Randolph Barr 表示：“網路犯罪分子正在利用數位商務的快速增長，使用日益複雜的策略來針對企業和消費者。”

"This year's findings are part of a broader trend: as e-commerce continues to evolve, so too does the scale and complexity of cyber threats. These findings highlight the critical need for businesses to adopt robust API and bot management solutions to protect revenue, maintain customer trust, and stay competitive in an increasingly digital world.”

「今年的調查結果是更廣泛趨勢的一部分：隨著電子商務的不斷發展，網路威脅的規模和複雜性也在不斷增長。這些調查結果凸顯了企業迫切需要採用強大的API 和機器人管理解決方案來保護收入，保持客戶信任，並在日益數位化的世界中保持競爭力。

To navigate heightened cyber threats, Cequence advises businesses to take the following steps:

為了應對日益嚴重的網路威脅，Cequence 建議企業採取以下步驟：

* Prioritize API security and bot management throughout the organization, ensuring close collaboration between IT, DevOps, and business teams.

* 在整個組織中優先考慮 API 安全和機器人管理，確保 IT、DevOps 和業務團隊之間的密切協作。

* Leverage a multi-layered approach to defense, combining bot detection and blocking capabilities with fraud prevention and detection technologies.

* 利用多層防禦方法，將機器人偵測和阻止功能與詐欺防制和偵測技術結合。

* Continuously monitor e-commerce applications for suspicious activity, using real-time analytics and threat intelligence to identify and respond to emerging threats quickly.

* 持續監控電子商務應用程式是否有可疑活動，使用即時分析和威脅情報來快速識別和回應新出現的威脅。

* Block malicious bots at the network edge to prevent them from reaching e-commerce applications and minimize the impact of attacks.

* 在網路邊緣阻止惡意機器人，防止它們到達電子商務應用程式並最大限度地減少攻擊的影響。

* Use adaptive bot detection techniques to distinguish between good and bad bots and allow legitimate bots to access e-commerce applications without hindrance.

* 使用自適應機器人檢測技術來區分好機器人和壞機器人，並允許合法機器人無障礙地存取電子商務應用程式。

* Enforce rate limits and other access controls to prevent bots from overwhelming e-commerce applications with excessive requests and maintain optimal performance.

* 實施速率限制和其他存取控制，以防止機器人透過過多的請求淹沒電子商務應用程序，並保持最佳效能。

* Stay informed about the latest cyber threats and trends by subscribing to threat advisories and engaging with the broader cybersecurity community.

* 透過訂閱威脅諮詢並與更廣泛的網路安全社群互動，隨時了解最新的網路威脅和趨勢。

Cequence, a pioneer in API security and bot management, is the only solution that delivers Unified API Protection (UAP), uniting discovery, compliance, and protection across all internal, external, and third-party APIs to defend against attacks, targeted abuse, and fraud. The flexible deployment model supports SaaS, on-premises, and hybrid installations, and APIs can be onboarded in less than 15 minutes without requiring any app instrumentation, SDK, or JavaScript integration. Cequence solutions scale to handle the most demanding government, Fortune 500, and Global 500 organizations, securing more than 8 billion daily API interactions and protecting more than 3 billion user accounts. To learn more, visit www.cequence.ai.

Cequence 是API 安全和機器人管理領域的先驅，是唯一提供統一API 保護(UAP) 的解決方案，它將所有內部、外部和第三方API 的發現、合規性和保護結合起來，以防禦攻擊、有針對性的濫用、和詐欺。靈活的部署模型支援 SaaS、本地和混合安裝，API 可在 15 分鐘內完成安裝，無需任何應用程式工具、SDK 或 JavaScript 整合。 Cequence 解決方案可擴展，以應對要求最嚴格的政府、財富 500 強和全球 500 強組織，確保超過 80 億次日常 API 交互，並保護超過 30 億個用戶帳戶。要了解更多信息，請訪問 www.cequence.ai。