Cybercriminals are leveraging big retail names in attacks this holiday season

News
By published

New research shows Apple and Amazon are most vulnerable

A person using a smartphone with an ecommerce website showing on a laptop.
(Image credit: Shutterstock/Andrey_Popov)

Cyberattacks are on the rise all year round, but retailers face heightened risk in their busiest periods around the winter break, experts have warned.

In its 2024 Retail Risk Report, Trustwave has revealed more on what to be on the lookout for this holiday season.

As expected, phishing remains the most popular primary attack vector, with 58% of incidents originating this way. The abuse of valid accounts and exploiting vulnerabilities were also common access methods. Over 90% of credential access attempts were brute-force attacks - so automated hacking is the trend for this Christmas.

Ransomware continues to plague the retail industry, especially in the US - who saw 62% of attacks - although the disruption to the notorious Lockbit gang is represented by its drop from a 34% to 15% share of the incidents - joint top with Play.

Ransomware continues to rise

Credential stealers represent a significant threat to ecommerce platforms since they capture personal information from the victims device like payment details, login credentials, and system information.

The report found that large retailers are targets for info stealers thanks to their huge user bases. Monitoring ‘Russian Market’, a popular dark web marketplace that specializes in the sale of stolen credentials, the report found that Amazon.com (47%) and Apple.com (28%) saw the highest distributions of stolen user sessions.

Studies have shown the retail sector has been hit by more ransomware attacks than ever this year. Since the average data breach costs $3.5 million in the retail sector, the consequences of vulnerabilities can be enormous.

The most targeted retail subsector is food & beverage retail, which accounted for 16% of the attacks, closely followed by apparel and home improvements retail - both at 15%.

It’s key for retailers of all sizes to be vigilant about their cybersecurity processes and conduct regular audits to combat the rise in sophisticated fraud schemes.

More from TechRadar Pro

TOPICS
Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.