Cybercriminals are leveraging big retail names in attacks this holiday season

New research shows Apple and Amazon are most vulnerable

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cyberattacks are on the rise all year round, but retailers face heightened risk in their busiest periods around the winter break, experts have warned.

In its2024 Retail Risk Report, Trustwave has revealed more on what to be on the lookout for this holiday season.

As expected, phishing remains the most popular primary attack vector, with 58% of incidents originating this way. The abuse of valid accounts and exploiting vulnerabilities were also common access methods. Over 90% of credential access attempts were brute-force attacks - so automated hacking is the trend for this Christmas.

Ransomware continues to plague the retail industry, especially in the US - who saw 62% of attacks - although the disruption to the notorious Lockbit gang is represented by its drop from a 34% to 15% share of the incidents - joint top with Play.

Ransomware continues to rise

Credential stealers represent a significant threat to ecommerce platforms since they capture personal information from the victims device like payment details, login credentials, and system information.

The report found that large retailers are targets for info stealers thanks to their huge user bases. Monitoring ‘Russian Market’, a popular dark web marketplace that specializes in the sale of stolen credentials, the report found thatAmazon.com (47%) andApple.com (28%) saw the highest distributions of stolen user sessions.

Studies have shown theretail sector has been hit by more ransomware attacks than everthis year. Since the average data breach costs $3.5 million in the retail sector, the consequences of vulnerabilities can be enormous.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The most targeted retail subsector is food & beverage retail, which accounted for 16% of the attacks, closely followed by apparel and home improvements retail - both at 15%.

It’s key for retailers of all sizes to be vigilant about their cybersecurity processes and conduct regular audits to combat the rise in sophisticated fraud schemes.

More from TechRadar Pro

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

A new form of macOS malware is being used by devious North Korean hackers

Ulefone Armor 27T Pro rugged phone review

Australian Beach Volleyball Tour live stream: How to watch bronze and gold medal matches online for free, finals, start time