Cequence 研究显示，由于恶意机器人流量和欺诈企图，整个 12 月企业每小时可能面临平均 258 万美元的潜在损失

该报告基于 Cequence 统一 API 保护 (UAP) 平台的数据，重点介绍了网络犯罪分子如何在黑色星期五和网络星期一等购物高峰期利用不断增加的攻击面。

Cybercriminals are targeting businesses with an average of $2.58 million in potential losses every hour throughout December due to malicious bot traffic and fraud attempts, according to new research from Cequence.

根据 Cequence 的最新研究，网络犯罪分子瞄准的企业在整个 12 月份平均每小时因恶意机器人流量和欺诈企图而造成 258 万美元的潜在损失。

The report, which is based on data from Cequence’s Unified API Protection (UAP) platform, highlights how cybercriminals are exploiting the increasing attack surfaces during peak shopping periods such as Black Friday and Cyber Monday.

该报告基于 Cequence 统一 API 保护 (UAP) 平台的数据，重点介绍了网络犯罪分子如何在黑色星期五和网络星期一等购物高峰期利用不断增加的攻击面。

Findings from the study show a significant rise in e-commerce transactions, which doubled from 5.1 billion in 2023 to 10.4 billion in 2024. Of these transactions, 34.62% were flagged as malicious, reflecting a 138.57% increase from the previous year.

研究结果显示，电子商务交易量大幅增长，从 2023 年的 51 亿笔增长到 2024 年的 104 亿笔，翻了一番。其中，34.62% 的交易被标记为恶意交易，比上一年增长了 138.57%。

Over an 11-day period from Black Friday to Cyber Monday, the report identifies potential losses from cybercrime amounting to USD $681.12 million, with projections for December 2024 estimating losses averaging USD $2.58 million per hour, totalling USD $1.79 billion.

从黑色星期五到网络星期一的 11 天期间，该报告确定网络犯罪造成的潜在损失达 6.8112 亿美元，预计到 2024 年 12 月损失平均每小时 258 万美元，总计 17.9 亿美元。

There was also a marked increase in sophisticated attack techniques, such as credential stuffing, SMS pumping, and token farming, which rose by 700% year-over-year.

撞库、短信泵送、代币挖矿等复杂攻击技术也显着增加，同比增长 700%。

In one real-world example, a major e-commerce company was able to use Cequence’s bot and API protection capabilities to thwart an SMS pumping attack—which could have cost the company $3,000 every four hours—by blocking fraudulent account creation and preventing further financial losses.

在一个真实的示例中，一家大型电子商务公司能够使用 Cequence 的机器人程序和 API 保护功能来阻止 SMS 攻击，该攻击可能导致该公司每四个小时损失 3,000 美元，方法是阻止欺诈性帐户创建并防止进一步的财务损失。损失。

Cequence also reported handling a 125% surge in traffic on Black Friday, during which it blocked 11.5 million malicious attempts while maintaining seamless customer experiences.

Cequence 还报告称，黑色星期五处理的流量激增 125%，在此期间阻止了 1150 万次恶意尝试，同时保持了无缝的客户体验。

The research highlights the challenge for businesses in defending against high-volume, sophisticated attacks, as evidenced by the 72.6% increase in mitigated malicious traffic from 2023 to 2024.

该研究强调了企业在防御大量复杂攻击方面面临的挑战，从 2023 年到 2024 年，缓解的恶意流量增加了 72.6% 就证明了这一点。

“Cybercriminals are seizing on the rapid growth of digital commerce, using increasingly sophisticated tactics to target both businesses and consumers,” said Randolph Barr, Chief Information Security Officer at Cequence. “This year’s findings are part of a broader trend: as e-commerce continues to evolve, so too does the scale and complexity of cyber threats. These findings highlight the critical need for businesses to adopt robust API and bot management solutions to protect revenue, maintain customer trust, and stay competitive in an increasingly digital world.”

Cequence 首席信息安全官 Randolph Barr 表示：“网络犯罪分子正在利用数字商务的快速增长，使用日益复杂的策略来针对企业和消费者。” “今年的调查结果是更广泛趋势的一部分：随着电子商务的不断发展，网络威胁的规模和复杂性也在不断发展。这些发现凸显了企业迫切需要采用强大的 API 和机器人管理解决方案来保护收入、维持客户信任并在日益数字化的世界中保持竞争力。”

The research includes several recommendations for businesses to mitigate the risk of cybercrime during peak periods, such as enhancing incident readiness with regular security drills, mapping the attack surface to eliminate exploitable blind spots, and aligning security measures with business objectives to simultaneously protect and enhance user experiences.

该研究包括为企业减轻高峰期网络犯罪风险的几项建议，例如通过定期安全演习增强事件准备情况、绘制攻击面以消除可利用的盲点，以及根据业务目标调整安全措施以同时保护和增强用户经验。

Cequence also advises deploying multi-layered security strategies, monitoring anomalous behaviour, strengthening access controls, investing in real-time threat management, and optimising systems for high-traffic events like Black Friday for improved security during peak periods.

Cequence 还建议部署多层安全策略、监控异常行为、加强访问控制、投资实时威胁管理以及针对黑色星期五等高流量事件优化系统，以提高高峰时段的安全性。