Fraudsters Siphon $360M From Retailers Using 50M Fake Shoppers

"In general, we've seen over the last five years that no longer can security be focused on the crown jewels just being on the server side," Sullivan says. "Across a number of industries, we see attackers more focused on the client side. We've seen supply chain attacks where the fraudsters gain control of the javascript running on the client side, for example."

The surge in fraud included techniques such ad injection, search engine redirects, and affiliate fraud — and shows the trouble that cybercriminal automation such as bots can cause for online commerce providers.

While businesses tend to focus on attacks against their own infrastructure — the server side — they pay less attention to what is going on with visitors' systems and browsers, he says.