Threat Actors Zero in on Retailers as the Holiday Shopping Season Approaches

October 22, 20242 Minute Read

Trustwave SpiderLabs on October 29 will launch its second deeply researched look into the threats facing the retail sector.

The 2024 Trustwave Risk Radar Report: Retail Sector will cover in detail the threats facing the industry, the most prominent adversaries in the field, and the commonly used methods to attack retailers.

The main report is supported by two supplementary pieces:

• Retail Sector Deep Dive: Rise of E-commerce Threats
• Retail Sector Deep Dive: Fraud Targeting Retailers

All three reports, which build upon the earlier 2023 Retail Sector Threat Briefing and Mitigation Strategies, are the culmination of the effort of more than 250 Trustwave SpiderLabs cybersecurity experts across the globe, tasked to research the top threats in today's landscape. With an email security team dedicated to analyzing millions of phishing URLs validated daily, our Advanced Continuous Threat Hunting, Digital Forensics and Incident Response, Malware Reversal, and Database Security teams, we're able to share insight into identifying how breaches in retail occur.

These activities are supported by the 200,000 hours of penetration tests we conduct annually that uncover tens of thousands of vulnerabilities.

The report offers granular information on retail's unique threat landscape, including the seasonality of cyberattacks, dependency on third-party suppliers, the physical security risks inherent in operating brick-and-mortar storefronts, and diverse payment systems that must be accommodated.

Some of the report's key findings are:

• Most attacks originate with a phishing incident
• Almost half of the stolen user sessions leverage Amazon domains
• Brute-force techniques are the primary method used to gain credential access
• Most ransomware attacks struck US targets.

When it comes to ransomware, the report found food and beverage retailers top attackers' target lists, followed by apparel and home improvement companies.

Another threat vector retailers must observe and defend against is fraud. Trustwave SpiderLabs found extensive evidence of sophisticated fraud schemes being used to target retailers, resulting in financial losses and reputational damage. Enhancing fraud detection measures, educating employees and customers, and conducting regular audits are essential steps to combat these schemes.

Trustwave will run three webinars offering a first-hand explanation of all three retail reports by the researchers themselves and an opportunity to ask questions:

• Risk Radar: A 360-Degree View of Threats in Retail
• A Deep Dive into Threats and Strategies for Protecting E-Commerce Data
• Fraud Targeting Retailers: A Growing Threat

You can register herefor all three webinars.

Please circle back to the Trustwave blog on October 29 and download your copy of the report for all the details on the threats facing the retail sector, along with instructions on how organizations can protect themselves during the upcoming holiday shopping season.

The Trustwave SpiderLabs Industry Report Series

The 2024 Trustwave Risk Radar Report: Retail Sector is the latest in a series researched and published by Trustwave SpiderLabs starting last year. Please visit these for our most recent research primary and complimentary reports:

• 2024 Trustwave Risk Radar Report: Financial Services Sector

• Financial Services Deep Dive: Phishing-as-a-Service
• Financial Services Deep Dive: Insider Threat

To dive into earlier Trustwave SpiderLabs vertical sector research, click here.

Cybersecurity Awareness Month: The Great Offensive Security/Active Defense Strategy

Ransomware Readiness: 10 Steps Every Organization Must Take

How to Implement Microsoft Security Products for Maximum Value