The volume of criminal attacks declines 19% year over year in the quarter, though some retailers experience bursts of activity near Thanksgiving, Akamai finds.

Cyber attacks during Thanksgiving week were slower than expected, but some retailers suffered from significant attacks timed for the holidays, according to the recently released “State of the Internet/Security” report from Akamai Technologies Inc.

“The biggest sales season of the year usually signals a marked increase in the number of attacks for all customers, especially retailers,” says Martin McKeay, senior editor of the Akamai report and senior security advocate. “Many merchants breathed a sigh of relief at not being attacked during their most important shopping days. [But] that’s not to say everyone got off without some stress.”

The United States was the biggest country target for cybercriminals in the fourth quarter of 2016, the content delivery network and web security firm finds. Akamai analyzed web security data from Nov. 22-29 for a snapshot of peak time for criminal activity online. The days surrounding Thanksgiving, which was Nov. 24 last year, traditionally mark the start of the holiday shopping season in the United States and include three of the biggest online shopping days of the year—Thanksgiving, Black Friday (the day after Thanksgiving) and Cyber Monday (the Monday after Thanksgiving).

Akamai, which bases its conclusions on attacks it detects and mitigates among its global clients, analyzed data from 3,826 attack events on its network during the fourth quarter but doesn’t release the names of impacted companies. Retailers frequently are targeted for these types of security breaches because of the extensive consumer information housed in their databases and large number of site visitors.

Web application attacks—in which hackers target a particular feature on a website by taking advantage of a flaw or bug within an application or software from an outside provider—declined 19% in the fourth quarter compared with the fourth quarter of 2015, Akamai says. While Q4 was “relatively quiet” for web application attacks, a number of online merchants experienced a bump in these site ambushes, which tend to be cyclical, the study says.


Four retail categories contributed to the spike during the week of Thanksgiving:

  • Apparel and footwear:  Attackers hit a group of related retailers in this merchandise category owned by a common parent company but that operate individual websites. The attacks began each day at about 8 a.m. Eastern during the holiday week. Attackers used a series of cross-site scripting and injection attacks, which insert malicious code into a trusted website, for these recurring incidents.
  • Commerce portals: One merchant with multiple websites around the world was targeted by a steady stream of attacks Nov. 28-29. The attacks didn’t target the merchant’s main web property but local sites it maintains, and Akamai says it’s likely that attackers believed the regional sites would have weaker security.
  • Consumer electronics: On Nov. 26, a large consumer electronics merchant experienced a single huge burst of probes in specialized SQLi attacks, which allow a hacker to bypass a web application’s authentication and authorization mechanisms to retrieve the contents of an entire database, which then subsided. Then a different series of attacks on Nov. 27 besieged multiple consumer electronics sites running the same software, according to the report.
  • Media and entertainment: Several media and entertainment merchants hosted on the same experienced cyberattacks during the week of Thanksgiving. Security analysts soon realized that the attacker was targeting a list of sites that weren’t properly updated and secured. Akamai says the attackers likely identified a platform with a known vulnerability and used this busy season to infiltrate a large selection of these sites.

The United States was the most prolific source country for web application attacks in the quarter, according to the report. However, such attacks in the United States fell 53% year over year.

The United States also was the target of the vast majority of web application attack traffic. “Many large organizations that are targets have significant infrastructure located in the U.S., even if they are based elsewhere,” Akamai says.