黑色星期五和网络星期一的后果——电子商务面临的威胁日益严重

关于假日购物季网络犯罪日益增长的财务影响的新研究

Cybercriminals are targeting e-commerce businesses during the holiday shopping season with malicious automated attacks that could cost the industry $1.79 billion in December, according to new research from Cequence.

根据 Cequence 的最新研究，网络犯罪分子在假日购物季期间针对电子商务企业进行恶意自动攻击，这可能导致该行业在 12 月份损失 17.9 亿美元。

The report, titled “The Aftermath of Black Friday and Cyber Monday - A Growing Threat to E-Commerce,” highlights the expanding attack surface that cybercriminals are exploiting during peak shopping periods.

该报告题为“黑色星期五和网络星期一的后果 - 对电子商务的日益增长的威胁”，强调了网络犯罪分子在购物高峰期利用的不断扩大的攻击面。

Drawing on billions of real transactions and attack data from Cequence’s Unified API Protection (UAP) platform, the report reveals that malicious bot attacks surged by 25% during Black Friday and Cyber Monday compared to the previous week. These attacks targeted a wide range of e-commerce applications, including product pages, shopping carts, and checkout flows.

该报告利用 Cequence 统一 API 保护 (UAP) 平台的数十亿真实交易和攻击数据显示，黑色星期五和网络星期一期间的恶意机器人攻击较前一周激增 25%。这些攻击针对广泛的电子商务应用程序，包括产品页面、购物车和结帐流程。

The goal of these attacks was to automate fraudulent activities such as account takeover, credential stuffing, and web scraping, ultimately aiming to steal customer data, manipulate prices, and conduct large-scale fraud.

这些攻击的目标是自动执行帐户接管、撞库和网络抓取等欺诈活动，最终目的是窃取客户数据、操纵价格并进行大规模欺诈。

“Cybercriminals are seizing on the rapid growth of digital commerce, using increasingly sophisticated tactics to target both businesses and consumers,” said Randolph Barr, CISO at Cequence.

Cequence 首席信息安全官 Randolph Barr 表示：“网络犯罪分子正在利用数字商务的快速增长，使用日益复杂的策略来针对企业和消费者。”

"This year's findings are part of a broader trend: as e-commerce continues to evolve, so too does the scale and complexity of cyber threats. These findings highlight the critical need for businesses to adopt robust API and bot management solutions to protect revenue, maintain customer trust, and stay competitive in an increasingly digital world.”

“今年的调查结果是更广泛趋势的一部分：随着电子商务的不断发展，网络威胁的规模和复杂性也在不断增长。这些调查结果凸显了企业迫切需要采用强大的 API 和机器人管理解决方案来保护收入，保持客户信任，并在日益数字化的世界中保持竞争力。”

To navigate heightened cyber threats, Cequence advises businesses to take the following steps:

为了应对日益严重的网络威胁，Cequence 建议企业采取以下步骤：

* Prioritize API security and bot management throughout the organization, ensuring close collaboration between IT, DevOps, and business teams.

* 在整个组织中优先考虑 API 安全和机器人管理，确保 IT、DevOps 和业务团队之间的密切协作。

* Leverage a multi-layered approach to defense, combining bot detection and blocking capabilities with fraud prevention and detection technologies.

* 利用多层防御方法，将机器人检测和阻止功能与欺诈预防和检测技术相结合。

* Continuously monitor e-commerce applications for suspicious activity, using real-time analytics and threat intelligence to identify and respond to emerging threats quickly.

* 持续监控电子商务应用程序是否存在可疑活动，使用实时分析和威胁情报来快速识别和响应新出现的威胁。

* Block malicious bots at the network edge to prevent them from reaching e-commerce applications and minimize the impact of attacks.

* 在网络边缘阻止恶意机器人，防止它们到达电子商务应用程序并最大限度地减少攻击的影响。

* Use adaptive bot detection techniques to distinguish between good and bad bots and allow legitimate bots to access e-commerce applications without hindrance.

* 使用自适应机器人检测技术来区分好机器人和坏机器人，并允许合法机器人无障碍地访问电子商务应用程序。

* Enforce rate limits and other access controls to prevent bots from overwhelming e-commerce applications with excessive requests and maintain optimal performance.

* 实施速率限制和其他访问控制，以防止机器人通过过多的请求淹没电子商务应用程序，并保持最佳性能。

* Stay informed about the latest cyber threats and trends by subscribing to threat advisories and engaging with the broader cybersecurity community.

* 通过订阅威胁咨询并与更广泛的网络安全社区互动，随时了解最新的网络威胁和趋势。

Cequence, a pioneer in API security and bot management, is the only solution that delivers Unified API Protection (UAP), uniting discovery, compliance, and protection across all internal, external, and third-party APIs to defend against attacks, targeted abuse, and fraud. The flexible deployment model supports SaaS, on-premises, and hybrid installations, and APIs can be onboarded in less than 15 minutes without requiring any app instrumentation, SDK, or JavaScript integration. Cequence solutions scale to handle the most demanding government, Fortune 500, and Global 500 organizations, securing more than 8 billion daily API interactions and protecting more than 3 billion user accounts. To learn more, visit www.cequence.ai.

Cequence 是 API 安全和机器人管理领域的先驱，是唯一提供统一 API 保护 (UAP) 的解决方案，它将所有内部、外部和第三方 API 的发现、合规性和保护结合起来，以防御攻击、有针对性的滥用、和欺诈。灵活的部署模型支持 SaaS、本地和混合安装，API 可在 15 分钟内完成安装，无需任何应用程序工具、SDK 或 JavaScript 集成。 Cequence 解决方案可进行扩展，以应对要求最严格的政府、财富 500 强和全球 500 强组织，确保超过 80 亿次日常 API 交互，并保护超过 30 亿个用户帐户。要了解更多信息，请访问 www.cequence.ai。