Cybercriminals are leveraging big retail names in attacks this holiday season
New research shows Apple and Amazon are most vulnerable
· TechRadarNews By Ellen Jennings-Trace published 31 October 2024
Cyberattacks are on the rise all year round, but retailers face heightened risk in their busiest periods around the winter break, experts have warned.
In its 2024 Retail Risk Report, Trustwave has revealed more on what to be on the lookout for this holiday season.
As expected, phishing remains the most popular primary attack vector, with 58% of incidents originating this way. The abuse of valid accounts and exploiting vulnerabilities were also common access methods. Over 90% of credential access attempts were brute-force attacks - so automated hacking is the trend for this Christmas.
Ransomware continues to plague the retail industry, especially in the US - who saw 62% of attacks - although the disruption to the notorious Lockbit gang is represented by its drop from a 34% to 15% share of the incidents - joint top with Play.
Ransomware continues to rise
Credential stealers represent a significant threat to ecommerce platforms since they capture personal information from the victims device like payment details, login credentials, and system information.
The report found that large retailers are targets for info stealers thanks to their huge user bases. Monitoring ‘Russian Market’, a popular dark web marketplace that specializes in the sale of stolen credentials, the report found that Amazon.com (47%) and Apple.com (28%) saw the highest distributions of stolen user sessions.
Studies have shown the retail sector has been hit by more ransomware attacks than ever this year. Since the average data breach costs $3.5 million in the retail sector, the consequences of vulnerabilities can be enormous.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors