Reduce Time To Remediate Threats: Lessons from a major US retailer

2019 has become another record-breaking year in eCommerce. This unprecedented growth has a dark side – since an overwhelming 71% of security incidents are financially motivated, digital retailers are becoming even more attractive targets for cyber attacks and fraud.

Evolving Digital Retail Threat Landscape

As we near 2020, digital retailers will have to work hard to protect their digital assets. Here are a few factors that will make this task harder than ever.

New Payment Methods

Consumers are increasingly demanding fast, easy, and safe ways to shop and pay, and retailers are happy to oblige. Retailers such as Lululemon, Footlocker and Forever21 are already accepting payments through mobile payment apps.

New payment options require merchants to update their cyber resilience posture, as fraudsters often test newly launched payment and shopping flows in the hopes of uncovering vulnerabilities and loopholes.

Promotions and vouchers

Techniques for abusing coupons and vouchers are getting more sophisticated. For example, threat actors increasingly leverage automation to hack coupon codes by using bots, similar to the credential stuffing technique used to break into online accounts.

Phishing and social engineering

The latest Verizon Data Breach Report highlights a huge increase in C-level executives being individually targeted with sophisticated phishing and social engineering attacks. According to the report, C-suite executives were twelve times more likely to be the victim of a business email compromise attack.

Account Takeover Attacks

On the heels of high-profile data breaches of 2018, such as Uber and Facebook, 2019 has seen no shortage of compromised credentials for threat actors to leverage and recycle.

There is also a disturbing uptrend in bot use, and it is clear why retailers are increasingly targeted by automated credential stuffing attacks. Unfortunately these attacks are also becoming harder to detect, as fraudsters embrace ‘Low & Slow’ stuffing methods, which sacrifice speed to make login attempts, imitating human behavior to avoid detection.

Hunting for Threats

Retail is among the top 5 industries who experience the most breaches. The importance of incorporating a proactive security approach is apparent. With threat hunting, retailers can build upon threat intelligence data in order to secure their organization’s system. Threat hunting is the process of actively looking for signs of malicious activity within enterprise networks, with no prior knowledge of those signs. It can uncover threats on your network without signatures or known indicators of compromise (IOCs).

Threat hunting enables retail security teams to make knowledgeable and strategic decisions of where to focus their time and resources thereby minimizing risks posed to their critical data and assets. By securing weak points among POS systems and web applications against the latest cyber threats and TTPs, retailers can keep their brand, customers and company safe.

See How A Major US retailer increased their Cyber Resilience

CyberInt partnered with an American multi-brand, multi-channel, specialty retailer with over $2.5 billion in sales. As the company was starting its cloud migration processes, CyberInt was invited to perform a threat hunting operation and ensure that the retailers’ current environment was secure.

Within a day of deploying within the customer’s infrastructure and performing a hunt on the endpoints, Cyberint experts detected two kinds of undetected malicious activities.

Cyberint’s expertise and capabilities allowed the retailer to:

• Momentarily detect malicious activities
• Mitigate threats within 24 hours upon detection
• Ensure the company’s environment was secure and ready for further cloud migration

For more details on our threat-hunting operation, download the case study here.