A growing number of cyberattacks are being launched with the help of Artificial Intelligence (AI) and Large Language Models (LLM), new research has claimed.
A report from Imperva noted between April and September 2024, its Threat Research team analyzed thousands of attacks, finding retail sites collectively experience more than 500,000 AI-powered attacks every day.
These attacks, the researchers explain, often originate from AI tools such as ChatGPT, or Gemini, alongside bots designed to scrape websites for LLM training data. Cybercriminals were said to be using these tools mostly in business logic abuse attacks, DDoS attacks, bad bots attacks, and API violations.
Business logic attacks
Business logic abuse was described as the most common AI-driven attack, taking up almost a third (30.7%) of all incidents. It involves abusing legitimate features of different apps and APIs to carry out cyberattacks. DDoS are a close second (30.6%), while bad bot attacks take up a fifth (20.8%). The bots are designed to scrape pricing data, run credential stuffing, as well as inventory hoarding.
“In previous years, we’ve seen security threats like Grinch bots and DDoS attacks cause major disruptions during the holiday shopping season, affecting both retailers and consumers alike. Now, with the widespread availability of generative AI tools and LLMs, retailers are contending with a new wave of sophisticated cyberthreats,” said Nanhi Singh, General Manager of Application Security at Imperva.
Singh added retail businesses need robust defenses, and a comprehensive strategy, otherwise, they are risking losing sensitive personal information, including credit card details, people’s addresses, and other account information. Identity theft and similar attacks can lead to a tarnished image, loss of business, lawsuits, and regulator fines.