Retail and Hospitality Threat Trend Report

Retail and hospitality industries are in the midst of a technology adoption boom. Digital channels are being expanded as consumers go online at all stages of the purchase process—from information gathering, to pre-purchase, to post-purchase service.

RH-ISAC and Accenture Security’s iDefense have teamed up to provide a first of its kind threat intelligence report for retail and hospitality available online as TLP: White.

iDefense and RH-ISAC analysis saw cybercriminals and cyber-espionage groups remain active throughout 2018. The retail and hospitality sectors are diverse, and threats were distributed to impact much of the sector. When compared with other malicious indicators, malspam (cybercriminal malicious e-mail campaigns) accounted for the highest volume of RH-ISAC member reporting during 2018. This activity is a global problem, with campaigns observed daily, and is likely to continue.

Key Findings

The iDefense and RH-ISAC teams have highlighted the following four key topics as important threat considerations for organizations within the retail sector:

  1. Strategic threat landscape and horizon scan: Technology innovation in the sector could draw significant investment and lead adversaries to evaluate opportunities as a result of that spend.
  2. Cyber espionage impacting hospitality: Personally identifiable information stolen from hospitality organizations, or their clientele, can be used for purposes beyond financial gain, such as to track travel patterns of high-value targets.
  3. Analysis and comparison of point-of-sale malware families: Despite the widespread adoption of chip cards in the United States, attackers continue to find ways to steal credit card information, often offering it for sale to criminals or exploiting the data themselves.
  4. Virtual skimming threat activity poses risk to payment card data: The demand for new skimmer development and deployment could grow as more and more global consumers use mobile applications for purchasing.

Future Outlook

Looking forward into 2019 and beyond, organizations can anticipate continued targeting, both strategic and opportunistic, by cybercriminals as well as nation states. Chatbots, eCommerce frameworks and digital assistants may continue to be at the center of incidents leading to theft of payment card data. Nation state interest in retail, hospitality, food and beverage is likely to continue in the coming years. Industry-agnostic threats, such as ransomware and destructive malware, are likely to be used in campaigns in the future.

Three actions can be taken to drive proactive defense:

  • Adopt a continuous response model—always assume you have been breached—and use your incident response and threat hunting teams to look for the next breach.
  • Strive to distinguish cybercrime from espionage or commodity from targeted activity.
  • Share intelligence about threats to aid the sectors in starting conversations around mitigating the risks in a more disruptive but coordinated fashion.

For the full TLP: White report, visit:
If you are an RH-ISAC member, contact [email protected] for the TLP: Amber version.

More Recent Blog Posts