  • September 2, 2025
  • By Greg Neville, chief information security officer and vice president, Towerwall Cyber Consulting Services

Retailers Face a New Era of AI-Powered Cyberattacks


Modern retailers gather and curate extensive volumes of customer data: personally identifiable information (PII), payment credentials, transaction history, and behavioral data. Every data point helps to design customized experiences and ensure loyalty. However, such digital assets have made retail organizations attractive targets for cybercriminals seeking financial gain through data theft, operational disruption, and extortion practices (ransomware).

A hybrid retail setup combining PoS terminals with online stores, cloud databases, and mobile payment gateways significantly broadens the attack surface. Wireless NFC payment systems, cloud botnets, and Internet of Things (IoT) devices add to the complexity of the security posture.

Couple that with software vulnerabilities and unencrypted data streams, and retail networks become a maze of possible entry points for threat actors. Regulatory pressures raise the stakes. Compliance with GDPR, CCPA, and payment card data rules (PCI-DSS) is never up for debate.

The retail sector is at a crucial turning point: evolve and protect or face disruptive breaches.

Cyberattacks and Statistical Wake-Up Calls

Figures portray a dismal picture of retailers’ cybersecurity stance. Ransomware attacks grew by 58 percent between Q1 and Q2. The costs of retail data breaches escalated to an average of $3.48 million last year, up 17.6 percent from the previous year and 10.6 percent above industry average. Retail websites now encounter an average of 569,884 AI-based attacks daily.

Even more concerning is the six-month average downtime to fully recover from a cyberattack.

In 2024, retail and wholesale companies averaged 6.4 months to get back online after a security incident, 26 percent longer than necessary and more than a month behind the expected recovery period of five months. These extended outages not only destroy customer trust but cause operational paralysis during peak holiday times.

Bots Outnumber Human Visitors

According to Radware’s e-commerce threat report, bots represent 57 percent of total traffic to e-commerce sites. The most dangerous dimension, though, is the deployment of malicious artificial intelligence: Threat actors are sending out human-like bots, exploiting APIs, and staging multilayered DDoS attacks.

The line between man-made and machine-driven malicious intent has blurred, compelling retailers to revisit their security frameworks.

Beyond Malware: New Vectors in the Modern Threat Landscape

Attackers harness generative AI and large language models (LLMs), using automation, speed, and contextual intelligence to pinpoint, exploit, and amplify threats with remarkable accuracy.

AI-powered business logic abuse: Representing over 30 percent of automated assaults, business logic abuse subverts an application’s legitimate workflow to gain unauthorized benefits, whether that’s free merchandise, inflated loyalty points, or manipulated pricing. LLMs can crawl retail sites in minutes, mapping out promotional code mechanics, discount thresholds, and return-policy loopholes. Where a hacker once spent days manually probing checkout flows, AI agents now extract complex rulesets and identify exploitable gaps in real time.

AI scripts: Generative AI creates hyper-personalized phishing messages that incorporate precise order information and insider terminology gathered through reconnaissance, amplifying fraud success rates through manipulation and credential theft.

API breaches: APIs are the binding glue for e-commerce frontends, mobile apps, payment processors, and third-party services. When not properly secured, they are gateways to data exfiltration, transaction attacks, and inventory manipulation. API breaches constitute 16 percent of daily AI-fueled problems.

AI-powered botnets: AI-controlled bots impersonate humans convincingly by navigating product pages, putting items into the cart, even interacting with chat widgets, evading anomaly detection engines. They not only scrape sensitive information but also orchestrate credential stuffing on a large scale, initiate phishing links through contact forms, and spam support chatbots, causing mayhem across departments.

DDoS attacks: Distributed denial of service attacks have jumped 61 percent year-over-year, crippling online stores just as consumer demand peaks. AI solutions identify marketing calendars or holiday spikes, kicking off DDoS campaigns during flash sales, influencer promotions, or holiday weekends. AI systems identify and exploit high-traffic endpoints, such as login portals and checkout pages, draining server resources. Since these requests mimic real users, the majority of network monitors consider them valid, making it challenging for infrastructure teams to detect and block malicious flows.

Today’s Retail Cyber Defense Playbook

Retailers may build a tiered defense strategy by applying the following best practices:

  • Encrypt all sensitive data, whether stored or transmitted, to minimize attacks caused by unauthorized access.
  • Segregate critical systems, including PoS infrastructure and customer data repositories, by segmenting the network to prevent internal lateral movement by attackers.
  • Periodically back up data to reduce business downtime after ransomware or phishing attacks.
  • Manage user and device identity and access with zero trust network access (ZTNA), adding both access control and internal threat detection.
  • Mitigate supply chain risk by conducting security audits and actively monitoring third-party partners, carefully offboarding former vendors.

A good incident response plan will provide a well-practiced response process, allowing teams to react and recover in a controlled, managed way. Protect human factors by offering security awareness training on password hygiene, threat recognition, and secure application usage.

From AI-based attacks to ransomware attacks and the dark side of bot traffic, the retail sector is at a turning point. Digitization has opened new channels for development while creating sophisticated vulnerabilities that cybercriminals are swift to exploit. Using AI for defense, developing a security-aware workforce, and imposing strict vendor governance will help retailers build consumer confidence and develop operational responsiveness and long-term expansion.

Greg Neville is chief information security officer (CISO) and vice president of Towerwall Cyber Consulting Services. Greg is a board adviser for CyberFusion, providing guidance for the organization’s mission to fulfill the information security talent gap. He was previously CISO for IntelyCare, and vice president, IT and security, for Cogito. He earned a BS in Mathematics from the University of Massachusetts/Amherst. Founded in 1999 in Framingham, Mass., Towerwall focuses exclusively on providing organizations with customized cybersecurity programs and compliance services.
