Positive Technologies finds 117% increase in cyberattacks on retail

According to a new study by Positive Technologies, the number of attacks on retail more than doubled from 2018–2019 to 2020–2021. Most attacks were targeted at services and customers.

The global e-commerce market is expanding, with a growth of 16.3% in 2021 compared to 2020. Burgeoning sales volumes mean that ever more customers are entrusting personal and banking details to online stores. This makes the sector increasingly attractive to cybercriminals. As a result, the number of cyberattacks on retail more than doubled in 2020–2021, with an increase of 117% compared to 2018–2019. According to the study by Positive Technologies, attacks on retail in 2021 accounted for 3% of all cyberattacks. Attackers mostly targeted customer data (90% of all retail attacks in 2020 and 70% in 2021) or sought to steal money (22% in 2020 and 54% in 2021).

Ekaterina Kilyusheva, Head of the Information Security Analytics Research Group at Positive Technologies, says: "The most potentially damaging threats to retail are data theft and sales disruption. According to our research, attackers targeted sensitive information in 70% of attacks on retail in 2021. The most frequently targeted information was personal data (32% of all stolen information), bank card details (21%), customer databases (13%), and intellectual property (13%). Attackers were able to obtain this information simply by hacking a company's website or gaining access to its internal network. Attackers can use stored card details to make purchases in online stores, or they can use vulnerabilities in online store systems to order goods without making any payment at all. Criminals can also buy access to online stores on the dark web for prices ranging between $50 and $2,000."

In addition to data breaches that can damage company reputation, sales disruption caused by attackers disabling company infrastructure is also seen as a significant threat. Retailers lose income when attacks bring down online storefronts, ERP systems, payment terminals, and other infrastructure involved in making sales. Attackers can also disrupt the operation of storage and transportation systems, as was the case with Dutch company Bakker Logistiek. Disruption can be caused by, for example, a DDoS attack, defacement of an online store, or a ransomware attack. Positive Technologies' 2021 threatscape analysis found that 79% of malware attacks on retailers involved the use of ransomware.

In order to implement preventive security measures, companies need to identify the events (such as website unavailability, customer card theft, or online purchasing fraud) that would result in unacceptable consequences for them. We also recommend that companies carefully verify the risk of such events occurring, for example by conducting cyberexercises. A cyberrange allows organizations to test scenarios of cyberattacks which lead to negative consequences and assess the performance of security tools and anti-fraud systems. They can then use the results to plan measures and actions to protect against cyberattacks and minimize their consequences.

Most threats are related to insufficient protection of services, including websites, which is why it is vital to regularly assess their security. Use web application firewalls to protect your web resources from attackers.

The full version of this study is available on the Positive Technologies site.