With shopping season fast approaching, David Warburton, Director, F5 Labs, assesses the cybersecurity trends that grocery, fashion and e-commerce retailers should be aware of this Black Friday and Cyber Week.
Grocery Prediction: The grocery industry is expected to remain a key target for automation in 2024, particularly in relation to web flows such as login, registration, and add-to-cart pages. Attackers will likely continue to focus on creating fake accounts and exploiting them for high-demand product purchases during Black Friday.
Why: According to F5 Labs analysis, the 2023 trend of consistent automation targeting add-to-cart and login flows indicates persistent interest in the grocery industry. The rise in automation in early November suggests attackers are preparing early for peak shopping periods.
Fashion Prediction: Fashion retailers should prepare for automation targeting search product endpoints early in November, followed by a shift to add-to-cart and gift card flows closer to Black Friday.
Why: Observed patterns from 2023 show attackers leveraging scraping activities during product searches before transitioning to fraudulent gift card and purchase activities. This reflects a well-coordinated strategy to exploit peak sales periods.
eCommerce Prediction: eCommerce platforms will likely face a surge in automation targeting login pages and mobile registration flows, particularly leading up to Black Friday. Spikes in credential stuffing and fake account creation are also anticipated.
Why: Data from 2023 highlights that attackers are shifting focus to login flows, likely due to the lucrative potential for account takeover and reseller bot activity. The spike in mobile automation leading up to Black Friday suggests attackers prepare early for fraud on these platforms.
