Trustwave report highlights e-commerce threats and growing fraud against retailers

Oct. 29, 2024
Ransomware, shifts in compliance, and the rise of e-commerce have unique effects on the retail industry.

Trustwave today released a series of reports detailing the threats facing the retail sector, marking the second year of its ongoing research into these critical security issues.

In its annual research, Trustwave SpiderLabs highlights the unique factors at play in retail, significant trends currently affecting the industry, including ransomware, shifts in compliance, and the rise of e-commerce, and provides an overview of threat actor techniques by attack stage.

Additionally, Trustwave SpiderLabs has produced two complementary in-depth write-ups on pressing threats in the sector: e-commerce threats and risks and fraud targeting retailers. Trustwave SpiderLabs’ analysis delves into why these threats are particularly pervasive in the retail vertical, providing retailers with a clearer understanding of the landscape and effective strategies to mitigate risks.

"As we enter the holiday shopping season, the rise in e-commerce threats and the alarming trends in cyber fraud underscore the need for heightened vigilance in protecting consumer data,” said Trustwave CISO Kory Daniels. “A single incident can undermine customer trust and lead to long-term financial impacts, making robust cybersecurity measures not just a necessity but a critical component of sustainable business practices in today’s retail landscape. By prioritizing security, we not only protect our customers but also foster trust, ensuring a secure and enjoyable experience this holiday season."

Cybersecurity in the retail sector is particularly challenging due to the increasing complexity of IT environments, which often encompass in-store systems, online platforms, and supply chain networks. Retailers also face a unique threat landscape due to seasonal fluctuations, third-party dependencies, physical security risks, and franchise models.

Trustwave SpiderLabs’ 2024 research series on the retail vertical includes:

Key findings from Trustwave SpiderLabs’ retail research series include:

  • 58% of attacks originated from phishing.
  • 47% of stolen user sessions leverage Amazon domains.
  • 92% of credential access techniques were brute-force attempts.
  • 15% of ransomware attacks were conducted by Play and LockBit.
  • 62% of ransomware attacks were in the US.
  • 16% of ransomware attacks targeted food and beverage retailers.

In 2023, Trustwave released its first Retail Threat Intelligence Briefing that analyzed the attack flow specific to the retail sector, offering insight on specific threat actors, actionable intelligence, and recommended mitigations for each stage.

To access this year’s research, please click here for the full retail threat research series.