As the holiday shopping season approaches, the 2024 Trustwave Risk Radar Report: Retail Sector highlights a growing threat to the retail sector. Cybercriminals have refined their tactics, preparing to launch ransomware and phishing attacks that exploit well-known online brands. These attacks aim to defraud retailers and consumers, with the skills gained being used to infiltrate retail organizations throughout the year.
The report, a follow-up to the acclaimed 2023 Trustwave SpiderLabs’ Threat Briefing and Mitigation Strategies, is the result of extensive research by over 250 Trustwave SpiderLabs cybersecurity experts worldwide. It delves into the unique threats retailers face, detailing how attackers have tailored their methods specifically for retail targets. The complex retail environment provides numerous potential attack vectors for adversaries.
Crucially, the report offers actionable mitigations to help organizations protect themselves.
Key findings include:
- 58% of attacks originate with a phishing incident
- 47% of stolen user sessions leverage Amazon domains
- 15% of ransomware attacks are attributed to the threat groups Play and LockBit
- 62% of ransomware attacks struck US targets
Additional in-depth information on these topics is included in the report.
A few salient points noted in the report bring into focus the need for retailers to ensure their security is ready. The average cost of a retail-sector data breach is $3.5 million, but the reputational damage to organizations that count on repeat business from brand-loyal customers is potentially catastrophic.
Staples, Ace Hardware, and Home Depot were all hit with attacks within the last 12 months. The severity of these attacks was telling, with data on 10,000 Home Depot employees being exposed, and Staples and Ace Hardware each having customer PII stolen and systems knocked offline. The report is accompanied by two focused pieces of research:
- Retail Sector Deep Dive – Rise of E-Commerce Threats
- Retail Sector Deep Dive – Fraud Targeting Retailers
The deep dive into e-commerce threats examines the risks e-commerce platforms encounter and provides mitigation guidance, empowering organizations to keep e-commerce environments and customer data safe. The report covers some common methods threat actors use to gain access, such as buying log stealer results, using web shells, and credential stuffing, along with the different vulnerabilities attackers favor for exploitation.
The Fraud Targeting Retailers report looks at how threat actors attempt to convince consumers and employees to voluntarily turn over valuable personally identifiable information (PII) through a massive number of scams that can be almost impossible for the average person to discern as fraud. This information can then be used to further defraud or attack retailers.
Understanding Retail-Specific Threats
As noted in earlier Trustwave SpiderLabs’ research reports, seasonality, third-party partners, the franchise model, and protecting brick-and-mortar stores and facilities play a large role in the cybersecurity problems facing any organization, but are particularly a concern for retailers.
During high-volume shopping periods, retailers are inundated with orders, transactions, and consumer requests, which strain their security resources, thus opening holes that aggressors can manipulate to their advantage. Retailers must, therefore, enhance their security protocols in anticipation of these busy seasons, ensuring they have adequate resources to manage customer demands and cybersecurity risks.
The report details the threat posed by potentially insecure third-party vendors.
Third-party dependencies are prevalent and can significantly amplify cybersecurity risks. Retailers often collaborate with vendors for payment processing, logistics, marketing, and other essential services. Each of these partnerships introduces potential vulnerabilities; a breach at a third-party vendor can compromise the retailer’s systems.
Finally, franchisees often operate semi-autonomously, which can lead to inconsistencies in security practices across different locations, again multiplying the security problem.
To address these challenges, franchisors must provide comprehensive training and support to franchisees, ensuring they understand and adhere to established cybersecurity protocols. Regular assessments and communication can also help maintain a strong security posture across the franchise network.
Defining Attack Techniques
Knowing and preparing for an attack is only half the battle retailers face. The other half is understanding a threat actor’s plan of attack, how they will gain entry and then move once inside, which is critical to halting an incident.
In the report, Trustwave SpiderLabs explains the initial access techniques, execution methodologies, how critical credentials are accessed, lateral movement, and how persistence is maintained. Understanding these steps is key for a security team as each can be defended, giving an organization multiple opportunities to mitigate an attack.
With ransomware and phishing attacks becoming increasingly sophisticated, retailers must be vigilant and proactive in their cybersecurity measures.