Trustwave highlights rising e-commerce threats in retail sector

Trustwave has released its latest SpiderLabs report highlighting significant e-commerce threats and increasing fraud risks facing the retail sector.

The report describes trends affecting the industry such as ransomware, evolving compliance requirements, and the growth of e-commerce. Trustwave SpiderLabs provides an overview of threat actor tactics at each stage of an attack.

Complementary write-ups accompany the report, delving into e-commerce threats and fraud targeting retailers. This analysis assists retailers in understanding the risk landscape and in developing strategies to mitigate these threats.

Kory Daniels, Chief Information Security Officer at Trustwave, stated, "As we enter the holiday shopping season, the rise in e-commerce threats and the alarming trends in cyber fraud underscore the need for heightened vigilance in protecting consumer data."

Daniels added, "A single incident can undermine customer trust and lead to long-term financial impacts, making robust cybersecurity measures not just a necessity but a critical component of sustainable business practices in today's retail landscape. By prioritising security, we not only protect our customers but also foster trust, ensuring a secure and enjoyable experience this holiday season."

The complexities of IT environments such as in-store systems, online platforms, and supply chain networks make cybersecurity in retail particularly challenging. Seasonal fluctuations, third-party dependencies, and physical security risks add unique challenges.

Craig Searle, Global Director - Cyber Advisory at Trustwave, commented, "While the global retail landscape is increasingly homogenised due to the influence of major online retailers like Amazon and Temu, there are still unique characteristics within the Australian market. One notable distinction is the classification of major grocery chains and some of their suppliers as 'SOCI-obliged'."

Searle continued, "This designation imposes enhanced cybersecurity obligations and reporting requirements mandated by the Australian Federal Government in the event of a breach under the Security of Critical Infrastructure Act 2018 (SOCI). This regulatory framework highlights a heightened focus on cybersecurity within the Australian retail sector, setting it apart from other countries where such obligations may not be as stringent."

Trustwave SpiderLabs' 2024 research series includes the Trustwave Risk Radar Report for the Retail Sector and two deep dives: one on the rise of e-commerce threats and another on fraud targeting retailers.

The retail research series identifies that 58 percent of attacks originated from phishing, 47 percent of stolen user sessions leveraged Amazon domains, 92 percent of credential access techniques were brute-force attempts, 15 percent of ransomware attacks were conducted by Play and LockBit, 62 percent of ransomware attacks occurred in the US, and 16 percent targeted food and beverage retailers.

Trustwave's first Retail Threat Intelligence Briefing, released in 2023, provided analysis on attack flow specific to the retail sector and offered insights on particular threat actors, actionable intelligence, and mitigation recommendations.