Retail Cybersecurity: Common Threats During the Holiday Shopping Season

Josue Ledesma

December 06, 2021

Retail Cybersecurity: Common Threats During the Holiday Shopping Season

With Black Friday past us and Cyber Monday turning into a Cyber Week — the holiday shopping season has started out with a bang. For many retailers, this season is considered the most important shopping period of the year. Even though spending dropped dramatically in 2021 compared to 2020 due to the pandemic, inflation, and supply chain issues, consumers still spent $8.9B during this year’s Black Friday.

But it’s not all jolly spirits for retailers — this period is also a hacker’s paradise who are looking to take advantage of overwhelmed companies and websites. The holiday shopping period often sees an increase in website attacks, and while retailers may know they are under increased pressure, they may not have the resources to bulk up their cybersecurity defenses given their priority on customer service, shipping, and other necessary personnel.

We’re here to shed light on the most types of threats retailers face during the holiday shopping season and offer some recommendations on how to stay secure and safe.

Retail Cybersecurity Challenges and Threats

Threat 1: Payment skimmers

Knowing traffic and transactions are at an all-time high during this period, hackers seek to steal valuable payment data from unwitting customers and retailers alike. This can be done by compromising physical POS systems with malware. If retailers are using any legacy POS systems or haven’t updated them in a while, the devices may be vulnerable to known exploits.

A review of the latest 2021 Verizon Data Breach Investigations Report found that 35% of the last five year’s data breaches that stole payment information involved compromising PoS systems.

With PoS systems and terminals likely to be inundated with a surge in customers, hackers know that this would be prime time to launch an attack in hopes of stealing valuable credit card data.

Threat 2: SQL Injection

Hackers can also compromise a retailers site to steal payment data at the time of an online purchase. This is often done via an SQL injection, which drops malicious code into a site that lurks and steals data. This allows hackers to steal payment data entered into a field without the customer or the knowing.

Magecart is one of the more notorious methods of attack that exploit unpatched Magento versions to drop malicious code to either steal payment data, redirect links to malicious sites, and more recently, mine cryptocurrency without the victim’s knowledge.

While this is an attack that can be leveraged at any time, savvy hackers may choose a time where the attack is likely to go unnoticed given the flurry of activity in stores and websites. If the retailer is inundated with alerts and other pressing issues, any alert that highlights a potential issue may be ignored, dismissed as a false positive, or may not be addressed in time.

Threat 3: Fraudulent transactions

Cybercriminals can try and make a quick buck by committing shopping fraud in two main ways. They can either commit payment fraud, which uses a stolen credit card (stolen via the two methods described above, or via a data breach) to make a purchase.

This can hurt retailers as victims are likely to report the fraudulent purchases. The credit card company will then refund the purchase, passing the cost over to the retailer while charging them a fee for the whole process. In 2020, over 25% of transactions on Cyber Monday were thought to be fraudulent, making the holiday a costly one for unprepared retailers.

Return fraud is another commonly carried out tactic used by scammers and thieves. Done in person or online, scammers can return stolen merchandise or use altered receipts to get a refund for an item they never purchased (and that the retailer will never receive). Without the right authentication or verification process in place, scammers can continue to fake returns and reap cash until the scam is finally flagged.

Given that margins are likely to be tight during these large sale periods, a retailer may actually lose money because of these fraudulent tactics.

Hackers know to carry out these attacks during the holiday shopping season to avoid detection. Without the right detection/monitoring systems, it’s hard to sift through a huge increase in transactions to spot a fraudulent one.

Threat 4: DDoS attacks

Retail websites already see an increase in traffic during the holiday shopping season, especially on specific days such as Black Friday or Cyber Monday.

If a malicious hacker is looking to cause damage, negatively impact a retailer, or leverage increased traffic as a way to carry out another attack, they can launch a DDoS (distributed denial of service) attack on a retailers site. 

A DDoS attack often leverages a botnet, which is a collection of compromised devices, to essentially spam a website with numerous queries to overload the website. If the site doesn’t have the right protection, the abundance of queries can slow down or even bring down the website.

For a retailer who may be expecting a huge increase in revenue during Black Friday and the following holiday shopping season, this could be a way to inflict financial damage by either slowing down purchases or stopping them altogether. This could lead to further implications such as reputational damage and may risk a competitor taking up a larger share of sales during this time.

How companies can improve their retail cybersecurity posture on Black Friday

Retailers cannot treat this time just like any other time from a cybersecurity standpoint. In order to make sure they have the support needed in case of any incident, they’ll need to:

  • Invest in solutions and tools to deal with the above problems: DDoS protection tools, EDR, and anti-fraud solutions can help prevent, detect, and minimize the risk of these threats from compromising your organization.
  • Ready your environment: Patch your tools and software, especially if any systems or devices have any known exploits and make sure you can detect unauthorized users entering or moving within your environment.
  • Increase staff as needed for monitoring and response purposes: Even with the right tools, your cybersecurity staff may not have the time to learn a new tool, manage it, or work with it to properly detect and respond to any flagged behavior or alerts. Consider increasing your headcount, even if just temporarily so you can devote more resources during this high risk period.
  • Work with a managed service partner: Any kind of managed service provider, whether an MSSP, an MSP, or an MDR will be able to provide the above in a packaged manner, saving you time and money when it comes to selecting any new tools or technology and wielding them effectively. Even if it’s just for a short stint, having an extra resource available may make the difference between a good holiday shopping season and a bad one.

Organizations need to react to the demands threats create, even if they are seasonal. It doesn’t make sense for an organization to mobilize around a lucrative holiday shopping season only to lose their profits (and perhaps more than that) to a couple of opportunistic hackers.

Prioritize readiness and make sure you have the resources you need to detect and deal with attacks. Investing in new technologies or partners now can also pay off in the future as you’ll be protected beyond the holiday shopping season.

Learn about 7 of the biggest digital threats facing businesses this holiday season.


Contact an expert



Josue Ledesma

Josue Ledesma is a writer, filmmaker, and content marketer living in New York City. He covers cyber security, tech and finance, consumer privacy, and B2B digital marketing.

View all posts

You might also like