With many retailers pivoting to online sales and contactless payments over the past 18 months, cybercriminals have increased their focus on the sector in the hope of stealing valuable credit card information. What is the cyber threat to retailers, and how can your retail business protect itself from cyber-attack?
Retail is one of the most targeted sectors for cyber-attacks in 2021. The coronavirus pandemic has forced retailers to adapt to survive, regardless of their size. While smaller retailers have moved to card payments and online operations, larger retailers have focused on harnessing big data to achieve efficiencies and maximise profit margins.
This has introduced new threat vectors as retailers’ attack surfaces have expanded, and these threat vectors are being exploited by cybercriminals keen to steal money and confidential financial information. Data is the new currency for cybercriminals, who focus not just on money and goods but also customers’ personal data that can be stolen and sold online. And with high staff turnover and seasonal workers, retailers face threats from not just cybercriminals, but also insider threats.
In such a turbulent operating environment, retailers must take the necessary steps to ensure they mitigate the risk of data breach resulting in financial, operational and reputational damage. In this blog we will explore the cyber threat to retailers: who is attacking retailers, why, and how?
Who is Attacking Me, and Why?
Given the valuable credit card data and Personally Identifiable Information (PII) they hold, along with the potential immaturity of their cyber security postures, retailers face a number of cyber threat actors on a daily basis. Here are two of the key types of attacker targeting retailers:
Like all industries, retailers face a constant threat from cybercriminals.
|Who they are||Cybercriminals|
|Motivations||99 times out of 100, cybercriminals are motivated by financial gain.|
|Common attack methods||Cybercriminals target retailers both remotely and at their operating locations, such as stores and warehouses. Attackers often target point-of-sale (POS) systems, installing malware that steals credit card information when the POS system is used. They will also target ecommerce websites and the databases that sit behind them, searching for weaknesses they can exploit to steal personal data that can then be sold on the black market.|
|Real-life example||In 2014, ecommerce giant eBay suffered a massive data breach that exposed the details of 145 million users. Cybercriminals stole the credentials of three employees, and then spent several months harvesting the data undetected.|
Given their relatively high staff turnover and use of season workers, retailers also face a threat from employees.
|Who they are||Employees|
|Motivations||Members of staff who attack retailers are often disgruntled, but more often than not their motivation is the same as that of cybercriminals – financial gain.|
|Common attack methods||Employees will tend to use less sophisticated attack methods to target retailers. Often their methods are as simple as stealing confidential information from the retailer through online storage tools or USB drives.|
|Real-life example||In 2014, a disgruntled employee of UK supermarket chain Morrisons used a portable storage device to steal and then leak the personal information of thousands of staff online.|
How Am I Being Attacked?
In 2021, ransomware is one of the most popular cyber-attack methods that cybercriminals use to target retailers. In a typical ransomware attack a target organisation’s network is penetrated by hackers, often by sending a phishing email to individuals in the organisation that contains malware, or sometimes through exploiting a vulnerability in the organisation’s network.
The malware enters the network and the attackers conduct reconnaissance and further activity to achieve the right access they need to execute the ransomware. Once this is done, the target organisation’s network is encrypted and effectively unusable until either a ransom is paid or the organisation reverts to backups to bring the network back online.
2019’s Norsk Hydro attack, in which operations at the large aluminium manufacturer ground to a halt when cybercriminals launched a successful ransomware attack on the firm, demonstrated the massive financial and operational impact ransomware can have on businesses, as the firm suffered millions of pounds in lost revenue and several months of operational turmoil. However, a relatively new trend for double-extortion ransomware attacks introduces a significant reputational threat to businesses, too.
Double-extortion first became a prominent tactic as a further method to make money from late-2019 onwards. In a double-extortion ransomware attack, the attackers threaten to leak stolen data onto the internet. The intention of double-extortion ransomware attacks is to shame target organisations into paying a ransom, even if the appropriate backups are in place to mitigate a traditional ransomware attack.
Many double-extortion ransomware attacks lead to sensitive data being publicised on social media. In mid-2020, there began to be an increasing trend for the publication of screenshots of the stolen data by cybercriminals and security researchers. This means that often the first public indication that an organisation has been hit by ransomware will be stolen sensitive information appearing on social media.
How Do I Protect Myself?
The cyber threat to retailers is real, and it’s getting worse. Cybercriminals are actively targeting UK retailers with double-extortion ransomware attacks, and will continue to do so as long as they remain a successful (and lucrative) attack method. In order to protect your retail business, you need to understand the risks you face. By understanding these risks, you can take steps to address them.
Six Degrees is a trusted cyber security partner to prominent retailers throughout the UK and beyond. We understand the cyber threat to retailers, and we regularly advise our retail clients on the hostile digital landscape in which they operate.
You can download our new Cyber Intelligence Report that covers the latest trends in ransomware attacks against the retail and manufacturing sectors for free here. We’ve also created a handy infographic that provides the information you need to protect your retail business from ransomware attacks.
Subscribe to the newsletter today
We will soon be entering the peak trading period. How…
For retail businesses, delivering brilliant customer experiences depends on having…