Now more than ever, retail cybersecurity threats are causing lost revenue as cybercriminals focus on the retail industry, launching cyberattacks against retailers and their customers and stealing their data.

The eCommerce industry was already growing steadily; however, the onset of the Covid-19 pandemic created demand that expanded online shopping so quickly that IT security teams scrambled to keep up.

Both online and in-store attacks can be catastrophic for retail businesses, especially if they disrupt operations during critical shopping seasons. Such attacks can cost millions in lost revenue.

Below are seven common cybersecurity threats that affect retailers and their customers.

1. Ransomware


Retail was hit hard during the Covid-19 pandemic. Managing security during this time of rapid online expansion posed challenges for IT teams, consuming resources as the workload increased. This growth exacerbated existing security challenges like maintaining and updating legacy systems.

A ransomware attack on a retailer (store-based or online) can encrypt vital data, causing anything from a total outage of the eCommerce website to failed Point of Sale (POS) transactions in-store.

Furthermore, as systems and companies merged, IT teams had to integrate systems while protecting customers’ invaluable personal information and financial data. Cybercriminal gangs quickly targeted the retail sector with ransomware as the online shopping market boomed.

2. Customer Data Theft

Data security should be a high priority for eCommerce merchants today, especially those using a cloud-hosted Software as a Service (SaaS) platform.

A data breach threatens more than just the company’s proprietary data. Retail sites house personal and financial customer data. Cybercriminals often use email phishing to distribute malware to access login credentials, mailing addresses, and credit card information.

The larger the eCommerce site, the more extensive the customer database. This can lead to a devastating blow for the company as hundreds to thousands of customers are affected by the breach.

3. Distributed Denial of Service (DDoS) Attack

A Distributed Denial of Service (DDoS) attack on retail is designed to render the target eCommerce site inaccessible to customers. The site may be slow to an end-user, with product images not loading and the shopping cart unusable.

This type of attack works by creating thousands of fake requests that ultimately overload the target. Quite often, the computers sending these requests have been infected with malware. The DDoS attack bogs down the site, so customers cannot complete transactions.

DDoS attacks often succeed when a retailer’s underlying systems are already overloaded by heavy traffic; if a DDoS attack pushes the site infrastructure and servers over the edge, they may not be able to respond to users’ requests in a timely manner.

4. POS and IoT Device Compromise

As Point of Sale (POS) systems operate using a mix of hardware, software, and cloud-based components, they create ample opportunity for cybercriminals to take advantage of these layered systems.

Deploying malware to a POS device, which enables criminals to collect financial data, deploy ransomware, and spread the infection to connected systems, is big business for cybercriminals.

It is vital that POS devices are running the latest operating system version, software patches and security updates (including fixes for zero-day vulnerabilities) to ensure complete protection.

Additional threats exist when Internet of Things (IoT) devices are used during the retail sale process and payment transaction. While most retailers employ IoT devices, many still need to develop effective security measures to protect against cyber attacks that target IoT devices.

Because many IoT devices are used to track customers’ purchase histories, hackers could gain access to this data. Or, customers can fall victim to scams prompting them to log in to spoofed versions of Google Pay.

5. Denial of Inventory

When an online shopper places an item in the cart but does not purchase it, this prevents the retailer from selling it to other customers.

Cybercriminals have scaled this into a Denial of Inventory attack using programmed, automated bots that disrupt the online sales process. The bots create a damaging army of phoney users that take hold of a large chunk of inventory and prevent honest buyers from purchasing the items.

By the time the items are removed from the cart, potential buyers have gone elsewhere. In addition to the lost sales, the eCommerce site will gain a reputation for poor user experience and customer service due to seemingly low inventory.
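
A defender can spot this pattern in cart telemetry. The following is an added example, not code from the original article: it flags sessions that hold a large share of a SKU without ever purchasing, and shows how an idle-cart expiry returns stock to sale. The event format, session names, stock levels and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample cart events: (epoch_seconds, session, action, sku, qty)
EVENTS = [
    (1000, "s-alice", "add", "SKU-1", 1),
    (1005, "s-bot1", "add", "SKU-1", 20),
    (1006, "s-bot2", "add", "SKU-1", 25),
    (1010, "s-bob", "add", "SKU-2", 2),
    (1030, "s-alice", "purchase", "SKU-1", 1),
    (1500, "s-bot1", "add", "SKU-2", 30),
]
STOCK = {"SKU-1": 50, "SKU-2": 40}  # constructed: units on hand, purchases already deducted

def open_holds(events, now, hold_ttl):
    """Units reserved per (session, sku) at `now`; idle carts expire after hold_ttl seconds."""
    held, last_add = defaultdict(int), {}
    for ts, session, action, sku, qty in sorted(events):
        if ts > now:
            continue
        key = (session, sku)
        if action == "add":
            held[key] += qty
            last_add[key] = ts
        elif action in ("purchase", "remove"):
            held[key] = max(0, held[key] - qty)
    return {k: q for k, q in held.items()
            if q > 0 and now - last_add[k] <= hold_ttl}

def suspicious_holds(events, stock, now, hold_ttl=900, max_share=0.25):
    """Flag sessions that never purchased yet hold a large share of a SKU."""
    buyers = {s for ts, s, action, _, _ in events
              if action == "purchase" and ts <= now}
    flagged = {}
    for (session, sku), qty in open_holds(events, now, hold_ttl).items():
        share = qty / stock[sku]
        if session not in buyers and share >= max_share:
            flagged[(session, sku)] = round(share, 2)
    return flagged

def sellable(events, stock, now, hold_ttl=900):
    """Stock left for other shoppers once open holds are subtracted."""
    left = dict(stock)
    for (_, sku), qty in open_holds(events, now, hold_ttl).items():
        left[sku] -= qty
    return left
```

With the sample data, two non-purchasing sessions tie up 45 of 50 units of SKU-1 until the 900-second expiry releases them.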

6. Web Skimming Attack

A web skimming attack, the online version of physical card skimming, targets online shoppers. A web skimmer is malicious JavaScript (JS) code that cybercriminals install on browser-based payment sites.

Criminals skim visitors’ credit card or other payment details when they make purchases or reservations online. Skimmers may also hijack the path to the site’s payment forms and reroute users to their own payment page. After they collect the user’s financial data, they send the user, along with their information, to their own servers.

Hackers can also exploit security flaws in third-party client-side code and insert malicious code to capture customer information from legitimate retailer websites.

7. Website Cloning Attack

Website cloning is the act of copying a website and then duplicating it so that it’s indistinguishable from the original. Cybercriminals purchase a misleading domain name ahead of time that’s similar to the site they plan to copy. The cloning process is automated so the criminal can quickly publish to the fake domain name in a matter of minutes.

A successful DNS attack allows the hackers to steal the legitimate site’s traffic and steer it toward the fake site instead. From there, the unsuspecting users become victims of various scams, including phishing. They are prompted to purchase nonexistent products, which leads to stolen credit card data or malware attacks on their computers.

An increasing number of tools are available to help criminals generate website clones automatically. Some of these include scraper bots that leverage several technologies to disguise themselves as legitimate human users. As a result, website administrators may not yet know that the site has been infiltrated and copied.
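
Because a clone depends on a domain name that resembles the real one, a retailer can screen newly observed domains for look-alikes of its own. This is an added example, not code from the original article: the brand, the observed domains and the substitution table are constructed assumptions, and the name is taken to be the first label of the domain.

```python
def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(label):
    """Fold common visual substitutions so look-alike labels compare equal."""
    s = label.lower().replace("-", "")
    for fake, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")):
        s = s.replace(fake, real)
    return s

def classify(brand_domain, candidate):
    """Return why candidate resembles brand_domain, or None."""
    # Assumption: first label is the name; suffixes like co.uk need a public-suffix list.
    brand, _, brand_tld = brand_domain.lower().partition(".")
    name, _, tld = candidate.lower().partition(".")
    if (name, tld) == (brand, brand_tld):
        return None  # the legitimate domain itself
    if name == brand:
        return "same name, different suffix"
    if skeleton(name) == skeleton(brand):
        return "homoglyph or hyphen variant"
    if edit_distance(skeleton(name), skeleton(brand)) == 1:
        return "one-character typo"
    return None

# Constructed sample: hypothetical brand and newly observed domains.
BRAND = "examplestore.com"
OBSERVED = ["examplestore.com", "examp1estore.com", "example-store.com",
            "exarnplestore.com", "examplestore.shop", "examplestor.com",
            "gardenstore.com"]

def lookalikes(brand_domain, observed):
    """Map each suspicious domain to the reason it was flagged."""
    results = {d: classify(brand_domain, d) for d in observed}
    return {d: why for d, why in results.items() if why}
```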


Now that the eCommerce market has experienced the revolutionary boom brought on by the pandemic, eCommerce sites remain a lucrative target for ransomware attacks. These sites, along with third-party payment platforms, are epicentres of personal and financial data. A business of any size can lose critical data and customer trust if its systems are breached.

Retail business owners need to be aware of the increasing level of threats and spend due time and resources on security. Updating legacy systems and maintaining the latest security patches is vital to ensure that the retail sector keeps pace with the latest security flaws and trends.
