Wednesday 21st December 2022

BLOG: Seasonal Cyber Threats to the Retail Sector

For the retail sector, the holiday season running from October to December is the busiest and most important period in terms of sales and profitability. It is also when the sector is most targeted by cybercriminal threat actors seeking to exploit the increase in business activity. We assess that this trend is highly likely to continue given the disproportionate impact that malicious operations can have on retailers during this period relative to the rest of the year.

Threat Analysis


Financially motivated cybercriminal groups such as ransomware operators are known to increase their targeting of the retail sector during the holiday season. The increased targeting during this period is likely due to the impact that operational downtime would have on any retailer’s profitability at their most lucrative time of year. During last year’s holiday season alone, Orpheus reported on a total of seven incidents in which threat actors specifically targeted the retail sector between October and December 2021. We assess that retailers should be prepared for a similar increase in cybercriminal operations targeting the sector this year, as ransomware operators assume that businesses are more inclined to pay a ransom to prevent downtime and keep their brand names off leak sites during this period. This was highlighted as recently as November 2022, with Orpheus reporting on Canada’s second-largest supermarket, Sobeys, being hit with Black Basta ransomware in a likely attempt to disrupt operations as consumer spending ramps up prior to Christmas.

Data Theft Operations

In a further reiteration of this trend, we have also reported on the increasing activity of cybercriminals targeting Adobe Magento e-commerce websites in TrojanOrders compromises aimed at stealing personal information and payment card data. More compromises were identified in November 2022 than in the previous 10 months combined, coinciding with the guaranteed surge in online retail during the upcoming Black Friday and Cyber Monday sales.

Brand Imitation

In November 2022, Orpheus reported on a sophisticated phishing campaign targeting North American consumers with fake promotional campaigns from retail brands. This represents a threat to the retail sector because, whilst the immediate financial impact of such operations falls on consumers, the imitation of brands by threat actors may degrade consumer trust in future legitimate promotions. Additionally, legitimate promotional sales taking place during events such as Black Friday and Cyber Monday are also known to be targeted with bots that seek to acquire discounted items en masse, only for them to be resold later at a considerable markup. This activity risks reputational damage to retailers as the consumer experience of these promotions is degraded, in addition to damaging profits, as the automation of such activity can adversely affect network infrastructure and potentially cause DDoS-like disruption.

Malicious Insiders

Retailers also face seasonal threats from malicious insiders due to the high turnover of additional employees who are taken on to meet higher seasonal demand across stores and distribution centres. Malicious insider incidents are likely to have a considerable reputational impact, particularly when employees access and then release customer data. Previously, we have reported on a malicious insider incident impacting the popular e-commerce provider Shopify, in which two employees used their access to obtain customer transaction details from almost 200 Shopify stores.

Practical Mitigations

Threat actors are constantly looking to exploit security flaws and take advantage of retail brands and their customers at a time that will maximise the impact of their operations. As such, maintaining a proactive security posture is key to mitigating this risk.

  • Educate employees, and customers, on cyber security best practices and encourage them to report any suspicious activity.
  • Ensure that software and network protocols are kept up to date with timely patches and updates to mitigate against cybercriminals attempting to gain network access via exploits.
  • Understand the potential and likely cyber threats posed to the retail industry and leverage this to take decisive and targeted mitigating actions.
  • Orpheus-Cyber continues to collect and analyse huge volumes of information from a variety of sources in order to provide focused Cyber Threat Intelligence products. This enables a complete understanding of Retail sector client cyber risks.
