Cybercriminals are leveraging big retail names in attacks this holiday season

A person using a smartphone with an ecommerce website showing on a laptop.
(Image credit: Shutterstock/Andrey_Popov)

Cyberattacks are on the rise all year round, but retailers face heightened risk in their busiest periods around the winter break, experts have warned.

In its 2024 Retail Risk Report, Trustwave has revealed more on what to be on the lookout for this holiday season.

As expected, phishing remains the most popular primary attack vector, with 58% of incidents originating this way. The abuse of valid accounts and exploiting vulnerabilities were also common access methods. Over 90% of credential access attempts were brute-force attacks - so automated hacking is the trend for this Christmas.

Ransomware continues to plague the retail industry, especially in the US - who saw 62% of attacks - although the disruption to the notorious Lockbit gang is represented by its drop from a 34% to 15% share of the incidents - joint top with Play.

Ransomware continues to rise

Credential stealers represent a significant threat to ecommerce platforms since they capture personal information from the victims device like payment details, login credentials, and system information.

The report found that large retailers are targets for info stealers thanks to their huge user bases. Monitoring ‘Russian Market’, a popular dark web marketplace that specializes in the sale of stolen credentials, the report found that Amazon.com (47%) and Apple.com (28%) saw the highest distributions of stolen user sessions.

Studies have shown the retail sector has been hit by more ransomware attacks than ever this year. Since the average data breach costs $3.5 million in the retail sector, the consequences of vulnerabilities can be enormous.

The most targeted retail subsector is food & beverage retail, which accounted for 16% of the attacks, closely followed by apparel and home improvements retail - both at 15%.

It’s key for retailers of all sizes to be vigilant about their cybersecurity processes and conduct regular audits to combat the rise in sophisticated fraud schemes.

More from TechRadar Pro

TOPICS
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

Read more
Concept art representing cybersecurity principles
Cybercriminals cashing in on holiday sales rush
ransomware avast
“Every organization is vulnerable” - ransomware dominates security threats in 2024, so how can your business stay safe?
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
ransomware avast
AI is helping hackers get access to systems quicker than ever before
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Don’t let holidays be your cybersecurity downfall
A digital representation of a lock
Exploits on the rise: How defenders can combat sophisticated threat actors
Latest in Pro
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Racks of servers inside a data center.
Modernizing data centers: an efficient path forward
Dr. Peter Zhou, President of Huawei Data Storage Product Line
Why AI commonization is so important for business intelligent transformation and what Huawei’s data storage has to offer
Wix automation
The world's leading website builder aims to save businesses time with new tool
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Latest in News
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over