SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Trustwave reveals retail sector's unique cybersecurity threats & solutions
Thu, 16th Nov 2023

Trustwave has released a report titled '2023 Retail Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies', discussing the unique threats and risks the retail industry is currently facing, along with insights and mitigation strategies to fortify defences.

The study was conducted by Trustwave SpiderLabs and provides an in-depth analysis of the attack flow used by threat groups against the retail sector, explicating their tactics, techniques, and procedures. Persistent threats to the sector, like malicious attachments sent via email, automated bots, and remote access trojans, were found especially potent, heightening risks for retailers in the run-up to the festive season. Statistics reveal that a security breach involving a major retailer is almost assured to grab the headlines.

This investigation comes at a time when the e-commerce market has surged to a significant US$1.09 trillion in 2022, marking a 209% increase from 2019 levels. Kory Daniels, Chief Information Security Officer at Trustwave, mentioned, "The significant shift towards digital commerce that unfolded during the global pandemic marked a pivotal moment for retailers."

Daniels further explained, "An industry historically focused on compliance and point-of-sale security had to rapidly adapt to surging consumer demands, virtual workforces, and evolving threat actors. Our latest threat briefing is a valuable resource for retail leaders and cyber defenders, providing a comprehensive view of the threats observed by our Trustwave SpiderLabs team, along with specific mitigation strategies to help organisations protect themselves, their consumers and their assets."

Trustwave SpiderLabs' report broke down threat groups and their methods throughout the attack cycle, summarising the key findings, which were:

  • The LockBit threat group was responsible for 34% of ransomware incidents targeting the retail sector.
  • The majority of the targeted retailers reporting breaches were from the United States (57%), with the UK (8%) and Canada (7%) following at a distance.
  • About 30% of all reported incidents in retail can be attributed to Credential Access, whereas 90% occur through brute force.
  • 59% of phishing emails used payroll diversion as a lure, followed by a 19% request for a contract.

The report also sheds light on the unique cybersecurity challenges in the retail industry, majorly driven by the rise in e-commerce that has made retailers more vulnerable to cyberattacks due to increased data storage and dependence on third-party vendors. Retail businesses experience significant fluctuations in traffic and sales throughout the year, making it challenging to maintain security and compliance standards. Other challenges include operating across various channels like physical stores, e-commerce websites, and mobile apps, the prevalence of gift cards being used for transactions, and the franchise model where a breach of one franchise could damage the reputation of the entire brand.