
Confluence of attacks: retail was subjected to record hacker attacks during the holidays

On the eve of February 23 and March 8, online stores, flower and gift delivery services were hit.
Photo: IZVESTIA/Sergey Konkov

On the eve of the February 23 and March 8 holidays, Russian retail faced hacker attacks of record frequency and intensity, cybersecurity companies told Izvestia. Compared to last year, the attacks have become three times more powerful in terms of requests, and the proportion of short but destructive strikes has increased. With them, the attackers tried to disable online stores, flower and gift delivery services, and payment platforms. What is behind this activity and what goals it pursued is covered in this Izvestia report.

Which attacks have become record-breaking

The number of hacker attacks on the network infrastructure of Russian retail increased significantly in late February and early March, cybersecurity companies told Izvestia. According to StormWall, in the period from February 15 to February 25 alone, the attacks became three times more powerful in terms of requests compared to the same period last year.

"For retailers, this meant that the actions of intruders could lead to the failure of payment gateways and make it impossible to place orders. The number of "probing" attacks lasting up to 15 minutes has also increased significantly — by nine times," the experts noted.

A 1.9-fold jump also occurred in the segment of medium-duration attacks, which are conducted for 12-24 hours. Hackers are increasingly resorting to resource depletion tactics in an effort to disable retail platforms for a long time. This creates the risk of disrupting delivery and order processing.

In 2026, the number of attacks using botnets (networks of many infected computers and other Internet-connected devices) also increased significantly. Whereas in 2025 the largest botnet contained 2.36 million IP addresses, on the eve of February 23 an attack using more than 3.5 million was recorded, and on March 8, 6.97 million infected devices.

The DDoS attacks that Russian retailers face have also become much more destructive in 2026.

"Terabit attacks have become a harsh reality for online stores," said StormWall analysts. "The maximum attack power at the network level increased by 129% during this period, to 2.08 Tbps. Under such conditions, even large marketplaces can be completely cut off from customers in seconds. Another trend is that the number of powerful attacks (over 100 Gbit/s) on retail on March 8 has increased almost 10-fold this year."

Such incidents, according to experts, overload communication channels and transit hubs, disabling the retailer's entire infrastructure. Moreover, in March 2026, DDoS attacks became more "targeted" at the business processes of retail chains.

"The geography of threats has shifted significantly in March this year. Brazil has become the new leader in the number of IP sources. This is due to the development of attacks involving the Kimwolf botnet. Over the year, the number of attacking IP addresses from this country has grown to 898,000, overtaking Turkey," the company noted.

For retailers working with an international audience, this means the need to rebuild traffic profiles and geo-blocking rules.

How else was retail attacked

A noticeable increase in DDoS activity in the Russian segment of the Internet in late February and early March was confirmed by Daniel Shcherbakov, Deputy CEO of Servicepipe. The number of recorded attacks during these periods increased by about 20% compared to the same dates in 2025.

"At the same time, the nature of the attacks varied significantly these days," he said. "On February 23, government resources and politically significant infrastructure became the main targets. The attacks were powerful and intense: the average load was 20-40 Gbps, with peak values reaching 37 million packets per second. The attackers relied on short but massive waves to disable the resource on a symbolically significant day."

On March 8, according to him, online retail, flower and gift delivery services, and payment platforms became the focus. The attacks here weren't as powerful, but they were on average one and a half times longer in duration.

"The goal is obvious: to deprive the business of sales at the very moment when traffic and demand are at their peak," said the expert.

Online cosmetics and perfume stores faced a large number of multidirectional attacks not only on the holiday itself, but also on March 1-3, said Ilya Samylov, head of the information security services support team at NGENIX.

"The main share was made up of bot activity: stock parsing, mass price collection, as well as attempts to attack order forms aimed at disrupting the stable operation of services were recorded," the expert said. "DDoS attacks were also present, but their share during the holidays turned out to be relatively small, and we did not observe any serious impact on the operation of the sites."

In general, a combined attack scenario is typical for 2026: attackers are increasingly using powerful volumetric DDoS attacks simultaneously with massive bot campaigns and phishing activity.

How to protect your business

The pre-holiday weeks are the period of peak online sales, and attackers have long since learned that this is when the cost of downtime for a retailer is at its highest, explained Alexey Karpunin, partner at 5D Consulting.

"Retailers and marketplaces are among the priority targets along with telecom and banks," he said.

Direct losses from website downtime during the peak period are primarily lost sales, the cost of disaster recovery, and reputational damage, Karpunin added. But there are also hidden costs: the burden on delivery services from fictitious orders created by bots, paid advertising traffic without real conversions, and the cost of overtime for technical teams.

"The attackers have three motivations: extortion, that is, demanding a ransom for stopping the attack (usually $20-50 thousand), unfair competition, and political hacktivism," the expert explained.

The first two scenarios are especially typical for holiday retail, where the loss of even a few hours of sales on a peak day amounts to money incomparable with the cost of "ordering" an attack.

To protect a business from cyberattacks, Alexey Pashkov, head of WAF at Solar Group, advised conducting load testing and checking the site's resistance to DDoS, and enabling bot traffic filtering and application-level WAF protection. In addition, round-the-clock monitoring and incident response should be activated.
