Cybercriminals are using big retail names in attacks this holiday season
Cyber attacks are on the rise all year round, but retailers are at greater risk during the busiest periods around the winter break, experts warn.
In his Retail risk report 2024Trustwave has revealed more about what to look out for this holiday season.
As expected, phishing remains the most popular primary attack vector, with 58% of incidents occurring this way. Misusing valid accounts and exploiting vulnerabilities were also common access methods. More than 90% of attempts to access credentials were brute force attacks, so automated hacking is the trend this Christmas.
Ransomware continues to plague the retail industry, especially in the US – where 62% of attacks occurred – although the disruption of the infamous Lockbit gang is represented by the drop from 34% to 15% of incidents – along with Play.
Ransomware continues to rise
Credential stealers pose a significant threat to e-commerce platforms as they collect personal information from the victim’s device, such as payment details, login details and system information.
The report shows that major retailers are being targeted by information stealers thanks to their huge user base. Investigating ‘Russian Market’, a popular dark web marketplace that specializes in the sale of stolen credentials, the report found that Amazon.com (47%) and Apple.com (28%) had the highest distributions of stolen saw user sessions.
Research has shown that the retail sector has been hit by more ransomware attacks than ever this year. With the average retail data breach costing $3.5 million, the impact of vulnerabilities can be enormous.
The most targeted retail subsector is food and beverage retailing, which accounted for 16% of attacks, closely followed by clothing and home improvement retailing, both at 15%.
It is critical that retailers, regardless of size, are vigilant about their cybersecurity processes and conduct regular audits to combat the rise of sophisticated fraud schemes.