The epidemic provides loopholes, and online scams are more likely to target sellers

As online shopping surged during the pandemic , online criminals had new opportunities. And in 2020, they took advantage of them.

Findings from NuData Security and Webscale Networks indicate that criminals are attacking online retailers with greater sophistication and frequency than before the pandemic .

NuData, the online security company owned by Mastercard, classified 76% of attacks on retailers as “sophisticated” in the second half of 2020. This is up from 38% in the first half of 2020 and 35% in 2019. NuData’s analysis is based on monitored activity across the global NuData network.

“Just like online security companies look for trends, fraudsters look for trends,” said Dave Senci, vice president of product development at NuData. Cybercriminals, he believes , also need to pay attention to what works, adapt to new situations and improve their tactics.

NuData said sophisticated automated attacks can occur more slowly than what the company calls "basic attacks," which it defines as attacks that focus on generating a large number of attacks, rather than fewer, higher-quality attacks.

Criminals are getting smarter in other ways, too, Senchi said. For example, 55% of attacks in the second half of 2020 involved reused IP addresses, a sign of a largely automated attack, down from 77% in the first half of the year. Attackers are also getting better quality user credentials than in the past, the study found.

The average percentage of successful credentials per attack nearly doubled from 1.4% in the first half of the year to 2.6% in the second half of 2020. In the retail industry, the success rate was 11.0% in the second half of 2020, up from 1.18% in the first half of the year. This means that criminals were able to access e-commerce sites using the correct user credentials (e.g. username and password) 11.0% of the time.

According to Webscale, an e-commerce cloud automation , management, and hosting provider , 2020 has seen a significant increase in attacks of all types.

For example, retailers saw a 50% surge in the number of Magecart-type attacks in 2020 compared to 2019. During the holiday season, Magecart-type attacks increased 81% compared to the same period in 2019.

Webscale said that in 2020, there were more than 2.5 million incidents of digital skimming, compromising more than 25,000 websites .

Webscale’s data comes from a survey of 1,572 e-commerce professionals in 21 countries, including those at retailers (83% of respondents) and digital agencies (18%).

Nearly two-thirds of the companies surveyed reported a 20% increase in security incidents . Webscale said 78% of respondents reported at least one cybersecurity incident in 2020. 62% of respondents said the financial impact of security incidents was significant, with the average impact ranging between $100,000 and $250,000.

Online scams

Seller