New Report Series Highlights E-Commerce Threats, Fraud Against Retailers

  • Oct 30, 2024

Trustwave, a cybersecurity and managed security services provider, recently released a series of reports detailing the threats facing the retail sector, marking the second year of its ongoing research into these critical security issues.

In its annual research, Trustwave SpiderLabs highlights the unique factors at play in retail, significant trends currently affecting the industry, including ransomware, shifts in compliance, and the rise of e-commerce, and provides an overview of threat actor techniques by attack stage.

Additionally, Trustwave SpiderLabs has produced two complementary in-depth write-ups on pressing threats in the sector: e-commerce threats and risks, and fraud targeting retailers. Trustwave SpiderLabs’ analysis delves into why these threats are particularly pervasive in the retail vertical, providing retailers with a clearer understanding of the landscape and effective strategies to mitigate risks.

"As we enter the holiday shopping season, the rise in e-commerce threats and the alarming trends in cyber fraud underscore the need for heightened vigilance in protecting consumer data,” said Trustwave CISO Kory Daniels. “A single incident can undermine customer trust and lead to long-term financial impacts, making robust cybersecurity measures not just a necessity but a critical component of sustainable business practices in today’s retail landscape. By prioritizing security, we not only protect our customers but also foster trust, ensuring a secure and enjoyable experience this holiday season."

Cybersecurity in the retail sector is particularly challenging due to the increasing complexity of IT environments, which often encompass in-store systems, online platforms, and supply chain networks. Retailers also face a unique threat landscape due to seasonal fluctuations, third-party dependencies, physical security risks, and franchise models.

Key findings from Trustwave SpiderLabs’ retail research series include:

  • 58% of attacks originated from phishing
  • 47% of stolen user sessions leverage Amazon domains
  • 92% of credential access techniques were brute-force attempts
  • 15% of ransomware attacks were conducted by Play and LockBit
  • 62% of ransomware attacks were in the US
  • 16% of ransomware attacks targeted Food & Beverage retailers

In 2023, Trustwave released its first Retail Threat Intelligence Briefing that analyzed the attack flow specific to the retail sector, offering insight on specific threat actors, actionable intelligence, and recommended mitigations for each stage.

To access this year’s research, please click here for the full retail threat research series.

Featured

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

  • Deploying in a Hybrid, Cloud Environment

    The way organizations manage access control is evolving. Traditional on-premises systems come with high IT and server requirements. At the same time, fully cloud-based solutions may not meet the needs of every facility. Read Now

  • Facing Facts for Facilities

    Despite the proliferation of constantly evolving security solutions, there remains a troubling trend among many facility operators who often neglect the most important security assets within their organization. Keys and shared devices like radios, laptops and tablets are crucial to successful operations, yet many operators are managing them haphazardly through outdated storage systems like pegboards and notebooks. Read Now

  • Report Reveals Security Training Reduces Global Phishing Click Rates by 86%

    KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, today launched its “Phishing by Industry Benchmarking Report 2025” which measures an organization’s Phish-prone Percentage (PPP) — the percentage of employees likely to fall for social engineering or phishing attacks, indicating the organization’s overall susceptibility to phishing threats. This year’s report found a global average baseline PPP of 33.1%, meaning a third of employees interact with phishing simulations before taking part in best-practice security awareness training (SAT).COVER 2025-PIB-NA-Report_EN-US Read Now

Most   Popular

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”