Cyberattacks ride on Asia’s online holiday shopping rush

Photo by Arisa Chattasa

Malicious botnet attacks prevailed during the holiday season in Asia, with a 15% increase in cyberattacks in China over the Lunar New Year in February, showing that cybercriminals are actively trying to take advantage of customers during high-traffic moments.

Akamai Technologies found that the uptick in attacks continues a trend that began with the Chinese e-commerce festival “Singles Day” in November 2021, during which botnet attacks tripled. 

Despite gradually declining after, attack traffic remained relatively high through the end of the year before peaking again with the buildup of retail traffic during the Lunar New Year.

This year, the Lunar New Year coincided with the start of the 2022 Winter Olympics in Beijing, further boosting online sales and making the period more attractive for attackers.

Malicious actors operate year-round, but the high volume of traffic during holiday periods allows them to mask their attacks more easily. Additionally, customers are more likely to update their online shopping profiles with up-to-date credit card information and credentials during this period, providing a more lucrative target for attackers.

As traffic increases, attackers increase the volume of their attacks which include scraping data, draining customer accounts, damaging site functionality and holding encrypted data ransom – at massive cost to a business.

Boaz Gelbord, SVP and chief security officer of Akamai Technologies, said that APAC presents a particularly enticing opportunity for successful cyberattacks because the sheer volume of traffic gives attackers the opportunity to gain foothold more easily and operate freely without timely mitigation. 

“Akamai works with customers to develop strategies that take into account complex attack patterns and behaviors of malicious bots during the holidays and beyond to protect brands and customer loyalty,” said Gelbord.

In Japan, Akamai research measured a 150% increase in malicious botnet activity in the Japanese retail sector around the Gregorian New Year in early January. 

The attacks persisted for a number of weeks following the holiday in a nearly identical attack pattern to that observed in China.

While a similar surge occurs during the high-traffic seen at the end-of-year holidays in Europe, Middle East and Africa and the United States, China and Japan present a particularly enticing opportunity for successful cyberattacks because of the sheer volume in traffic. Retailers and e-commerce here serve some of the largest populations in the world.