Trustwave, a leading cybersecurity and managed security services provider, has released a series of reports detailing the threats facing the retail sector.

In its annual research, Trustwave SpiderLabs highlights the unique factors at play in retail and the significant trends currently affecting the industry, including ransomware, shifts in compliance, and the rise of e-commerce. It also provides an overview of threat actor techniques by attack stage.

Trustwave SpiderLabs has produced two complementary in-depth write-ups on pressing threats in the sector: e-commerce threats and risks, and fraud targeting retailers. Trustwave SpiderLabs’ analysis delves into why these threats are particularly pervasive in the retail vertical, providing retailers with a clearer understanding of the landscape and effective strategies to mitigate risks. 

The research shows 92% of credential access techniques were brute-force attempts. Close to three in five attacks (58%) originated from phishing, and almost half (47%) of stolen user sessions leveraged Amazon domains.

In addition, 16% of ransomware attacks targeted food and beverage retailers and 15% of ransomware attacks were conducted by Play and LockBit.

Trustwave chief information security officer Kory Daniels said, “As we enter the holiday shopping season, the rise in e-commerce threats and the alarming trends in cyber fraud underscore the need for heightened vigilance in protecting consumer data.

“A single incident can undermine customer trust and lead to long-term financial impacts, making robust cybersecurity measures not just a necessity but a critical component of sustainable business practices in today’s retail landscape. By prioritising security, we not only protect our customers but also foster trust, ensuring a secure and enjoyable experience this holiday season.”

Trustwave global director of cyber advisory Craig Searle added, “While the global retail landscape is increasingly homogenised due to the influence of major online retailers like Amazon and Temu, there are still unique characteristics within the Australian market. One notable distinction is the classification of major grocery chains and some of their suppliers as ‘SOCI-obliged’.

“This designation imposes enhanced cybersecurity obligations and reporting requirements mandated by the Australian Federal Government in the event of a breach under the Security of Critical Infrastructure Act 2018 (SOCI). This regulatory framework highlights a heightened focus on cybersecurity within the Australian retail sector, setting it apart from other countries where such obligations may not be as stringent.”