Kaspersky Reveals Cyber Attack Trends in Retail and E-commerce for 2025

JAKARTA - The cybersecurity landscape in the retail and e-commerce sector through 2025 shows increasingly complex threats, ranging from data theft to a surge in ransomware and phishing attacks.

In its 2025 cybersecurity review for the retail and e-commerce sector, Kaspersky revealed that online shopping or ordering food through apps, no longer guarantees user data security.

Even downloading a seemingly legitimate app from the official app store is not necessarily protecting personal and financial credentials from compromise.

B2B Ransomware Increases

Ransomware detection in the B2B sector is increasing due to a dominant actor. The number of unique users in the Retail & E-commerce sector who have experienced ransomware detection increased by 152% in 2025 compared to 2023.

The most significant growth occurred during the period 2024-2025 and was largely due to the rapid spread of the Trojan-Ransom.Win32.Dcryptor family, which became very common across the retail and e-commerce sectors in some of the markets analyzed.

Retail Phishing Emerges

From November 2024 to October 2025, Kaspersky products blocked 6,651,955 attempts to access phishing links targeting users of online stores, payment systems, and delivery services.

From these efforts, 50.58% targeted online buyers, 27.3% imitated payment systems, and 22.12% targeted delivery company users.

Shopping Festival Becomes the Peak of the Attack

Seasonal peaks in online shopping consistently provide predictable opportunities for attackers to increase attacks targeting users.

The period of increased promotional activity lowers user vigilance and allows known phishing and spam scenarios to blend with legitimate marketing traffic, thereby increasing their overall effectiveness.