As the holiday shopping season approaches, the 2024 Trustwave Risk Radar Report: Retail Sector reveals that cybercriminals have sharpened their tactics, utilizing ransomware and phishing attacks that exploit well-known online brands to target retailers and consumers directly.
These skills will likely be employed to infiltrate various retail organizations throughout the year.
This report builds on the insights from Trustwave SpiderLabs’ previous 2023 Trustwave SpiderLabs’ Threat Briefing and Mitigation Strategies, containing months of research from over 250 cybersecurity experts worldwide. It addresses the specific challenges retailers face, detailing how attackers customize their tactics for retail environments and highlighting the complex attack vectors available to them.Most importantly, the report contains mitigations that an organization can take to best protect itself.
Key Findings Include:
- 58% of attacks originate with a phishing incident
- 47% of stolen user sessions leverage Amazon domains
- 15% of ransomware attacks are attributed to the threat groups Play and LockBit
- 62% of ransomware attacks struck US targets.
Additional in-depth information on these topics is included in the report.
A few salient points noted in the report bring into focus the need for retailers to ensure their security is ready. The average cost of a retail-sector data breach is $3.5 million, but the potential reputational damage to organizations that count on repeat business from brand-loyal customers is potentially catastrophic.
Staples, Ace Hardware, and Home Depot were all hit with attacks within the last 12 months. The severity of these attacks was telling, with data on 10,000 Home Depot employees being exposed, Staples and Ace Hardware each having customer PII stolen and systems knocked offline. The report is accompanied by two focused pieces of research.
The deep dive into e-commerce threats examines the risks e-commerce platforms encounter and provides mitigation guidance, empowering organizations to keep e-commerce environments and customer data safe. The report covers some common methods threat actors use to gain access, such as buying log stealer results, using web shells, and credential stuffing, along with the different vulnerabilities attackers favor for exploitation.
The Fraud Targeting Retailers report looks at how threat actors attempt to convince consumers and employees to voluntarily turn over valuable personally identifiable information (PII) through a massive number of scams that can be almost impossible for the average person to discern as fraud. This information can then be used to further defraud or attack retailers.
Understanding Retail-Specific Threats
As noted in earlier Trustwave SpiderLabs’ research reports, seasonality, third-party partners, the franchise model, and protecting brick-and-mortar stores and facilities play a large role in the cybersecurity problems facing any organization, but are particularly a concern for retailers.
During high-volume shopping periods, retailers are inundated with orders, transactions, and consumer requests, which strain their security resources, thus opening holes that aggressors can manipulate to their advantage.
The report details the threat posed by potentially unsecure third-party partners and how retailers face attacks from two flanks by having to protect their cyber and physical environments.
Finally, franchisees often operate semi-autonomously, which can lead to inconsistencies in security practices across different locations, again multiplying the security problem.
Defining Attack Techniques
Knowing and preparing for an attack is only half the battle retailers face. The latter portion is understanding a threat actor’s plan of attack, how they will gain entry, and then move once inside, which is critical to halting an incident.
In the report, Trustwave SpiderLabs explains the initial access techniques, execution methodologies, how critical credentials are accessed, lateral movement, and how persistence is maintained. Understanding these steps is key for a security team as each can be defended, giving an organization multiple opportunities to mitigate an attack.
Upcoming Webinars
Trustwave will run three supporting webinars offering a first-hand explanation of all the retail reports by the researchers themselves and an opportunity to ask questions:
- Risk Radar: A 360-Degree View of Threats in Retail
- A Deep Dive into Threats and Strategies for Protecting E-Commerce Data
- Fraud Targeting Retailers: A Growing Threat
You can register here for all three webinars.
Download the Report
We encourage you to download the 2024 Trustwave Risk Radar Report: Retail Sector along with the deep dives Rise of E-Commerce Threats and Fraud Targeting Retailers. Each resource highlights the escalating cyber threats facing the retail sector, particularly during high-volume shopping periods, like Black Friday and Cyber Monday. With ransomware and phishing attacks becoming increasingly sophisticated, retailers must be vigilant and proactive in their cybersecurity measures. highlight the escalating cyber threats facing the retail sector, particularly during high-volume shopping periods. With ransomware and phishing attacks becoming increasingly sophisticated, retailers must be vigilant and proactive in their cybersecurity measures.
