The upcoming peak shopping season, including Black Friday and Cyber Monday, is harvest time for the e-commerce sector. However, where high revenues are expected, cybercriminals follow, and for them it is an equally intense period. This is also the peak of hacking activity targeting retailers.
The data shows the scale of the threat. Last year the Sophos X-Ops research team identified nearly 90 different hacking groups, including groups as active as Akira, Cl0p and Qilin, that were deliberately attacking commerce. Their targets were payment systems, checkout processes and admin accounts, with the aim of stealing revenue, diverting payments or stealing customer data.
Not only is the number of attacks increasing, but the nature of the attacks is also changing. The ‘State of retail ransomware in 2025’ report reveals a worrying trend. The percentage of attacks based solely on extortion (the threat to publish data without encrypting it) has tripled in just two years, rising from 2% in 2023 to 6% today. Account takeovers remain the second most common type of incident in the sector.
The industry's situation is made worse by a shortage of skilled staff. According to Sophos data, limited expertise (cited by 45% of companies) and existing security vulnerabilities (44%) are the main operational risk factors. Retailers face an increasingly complex threat landscape, with attackers constantly looking for vulnerabilities, most commonly in remote access and network devices.
During critical trading weeks, experts recommend that companies ruthlessly prioritise critical systems such as cash registers and payment gateways. It becomes crucial to strictly limit administrator access according to the principle of least privilege and to consistently implement multi-factor authentication (MFA) across all access points.
Operators need to be alert to warning signs, such as unusual login patterns or anomalies in payment processes. Particular vigilance is needed with sudden, ‘urgent’ requests to elevate privileges, as attackers often take advantage of time pressure. It is essential to have up-to-date incident response plans and efficient backup strategies.
Fortunately, many retailers are gradually beginning to recognise the risks and are responding by investing in cyber defences to stop attacks before they escalate and to recover from them more quickly.
