We’re excited to introduce our latest threat landscape report on the retail trade sector, offering fresh insights into the evolving cyber threats facing the industry.
In this blog, we’ll give you a taste of the report’s key themes, including analysis of the most pressing threats, prevalent MITRE ATT&CK techniques, and dark web insights.
Top MITRE Technique: Spearphishing
Between November 1, 2023, and October 31, 2024, spearphishing was the top initial access technique for our customers across most sectors, including retail trade. This sector is particularly vulnerable to spearphishing attacks because of its large workforce, including its many part-time and seasonal staff, who may lack proper training to spot phishing attempts. Extensive communication with customers, suppliers, and partners further increases the risk for targeted attacks.
Just 3 Minutes to Contain a Threat with AI and Automation
ReliaQuest collects security operations metrics, including the mean time to contain a threat (or MTTC), from organizations across all sectors. By reducing MTTC, organizations significantly minimize operational disruptions and safeguard their customer data.
Retail trade organizations relying solely on manual responses average an MTTC of nearly 11 hours, whereas those using AI and automation, such as GreyMatter Automated Response Playbooks, cut it drastically to around 3 minutes.
DRP Insights Reveal Impersonating Domains as Growing Concern
Retail trade organizations are frequent topics on dark-web forums due to their vast stores of customer data and financial information. During the reporting period, impersonating domains emerged as the most common tactic used by threat actors, with GreyMatter Digital Risk Protection (GreyMatter DRP) alerts rising by 14.4% from last year. Threat actors often set up fraudulent retail websites to trick customers into revealing personal and payment information, leading to credential theft and financial fraud.
The impact of such attacks extends beyond the immediate consequences, as they undermine the trust that retailers have built with their customers, resulting in reputational damage and potential customer loss.
Ransomware Activity Targeting the Retail Trade Sector
Ransomware activity targeting retail trade spiked 111% over the past year, with 379 companies listed on ransomware data-leak sites. This contrasts with the 20% average increase seen across all sectors. This surge is likely fueled by the sector’s high transaction volumes, broad online presence, and extensive data stores. What’s more, operational outages can be financially crippling, prompting more companies to pay ransoms, a trend threat actors are likely to exploit.
Key Threat to Watch: IntelBroker
The financially motivated “IntelBroker,” known for its role as administrator of the prominent cybercriminal forum BreachForums, is notorious for its high-profile breaches across various sectors, impacting enterprises from Los Angeles International Airport to Apple.
IntelBroker has a history of targeting the retail trade sector, so organizations should remain especially vigilant. IntelBroker’s breaches often draw significant media attention, and its stolen databases are frequently sold or even shared for free on BreachForums. To effectively safeguard your environment and assets, early detection is crucial. Ensure robust detection mechanisms are in place and encrypt customer and business data both in transit and at rest to minimize the risk of compromise during a breach.
Anticipating What’s Next
E-Commerce Platform Exploitation: As the demand for online shopping intensifies, retailers will scale up their digital operations. This creates opportunities for threat actors to exploit system and software vulnerabilities, potentially leading to ransomware attacks and data breaches.
Supply-Chain Attacks: Retailers are relying more heavily on third-party vendors and suppliers, raising the risk of being targeted by supply-chain attacks. Cybercriminals often target smaller, less-secure suppliers to infiltrate larger retail networks and access more lucrative systems.
Abuse of AI and Machine Learning: Cybercriminals are increasingly using AI and machine learning to advance their techniques, so attacks are becoming more sophisticated. From enhancing phishing and malware to chatbot impersonation, threat actors can use AI and machine learning to complicate detection and remediation.
Conclusion
Recent malicious activity, particularly the surge in ransomware attacks, underscores the retail trade sector’s appeal to malicious actors. As the sector expands and modernizes, embracing new technologies driven by AI and automation, it must also be prepared for increased cyber threats. Implementing proactive, defense-in-depth strategies—such as automated incident response measures and digital risk protection—will be essential for safeguarding security operations environments.
For deeper insights into the major threats facing the sector, detailed case studies, and practical mitigation strategies, download the full report.