Exclusive Q&A: Keep your holidays warm, bright – and secure

Dan Berthiaume
Senior Editor, Technology

With increased traffic and sales, the holidays also bring retailers heightened risk of cyberattack.

Chain Store Age recently discussed the most pressing security threats facing retailers during the 2019 holiday season and beyond with Randy Pargman, senior director of threat hunting & counterintelligence at Ohio-based cybersecurity company Binary Defense. Pargman, who also spent 15 years as a senior computer scientist on the Cyber Task Force at the FBI Seattle field office, shared insight on the latest cybercrime techniques retailers must defend themselves against as peak season approaches.

What is the biggest threat retailers face during Black Friday?

“There is a new trend of cybercriminals using more targeted, strategic ransomware to lock up computers and demand extortion payments to unlock them. In the past, threat actors focused on stealing payment card records from retailers and paid close attention to the days leading up to Black Friday. 

“The whole holiday shopping season was a lucrative time, as there is a high volume of card-present transactions. Criminals would install machines in card swipes at POS terminals. As they got hit hard with these types of attacks, more retailers began implementing EMV readers and point-to-point encryptors, making it difficult to steal card numbers.

“While there is still a hot market to purchase stolen card numbers, ransomware has gone from a scattershot, random attack to a targeted, strategic attack. Companies frequently buy cyberinsurance, and many policies will help pay for ransom. The cybercriminals have a list of what insurance companies are willing to pay and what insurance companies retailers are using. 

“Hackers will also time a ransomware attack so retailers have a short timeframe to make a decision. If a retailer is facing a period of two to three weeks to restore their systems from backup during the holiday shopping period and the hacker promises that if they put in the secret key they will get by paying ransom their systems will be back in one day, there is a strong incentive to pay.”

What is the biggest threat retailers face for Cyber Monday?

“We are seeing a huge increase in the number of attacks on e-commerce sites that provide services for online retailers. For example, a company that provides a turnkey solution retailers can use for shipping. A hacker who gains access can install malware on multiple different retailers at once and collect card data as it is entered into the site.

“These are known as ‘Magecart’ attacks, and are being perpetrated by many unrelated groups who are using similar techniques to compromise online retailers. They gain access to an e-commerce site and install JavaScript to collect card data and send it to the attacker every time a customer makes a purchase. Retailers may use services to check their sites for new script, but the attackers can analyze the checks, and if one is different enough from normal site visits the attacker can analyze where it’s from and return the regular site if they recognize the IP address. This allows Magecart attackers to only run the malicious script when a customer makes a purchase.”

(Editor’s note: Online cosmetics retailer First Aid Beauty is reported to have recently been victimized by a Magecart attack.)

What is the biggest threat retailers face during the remainder of the holiday season?

“Retailers face the same threats post-Black Friday and Cyber Monday, with malware harvesting card data as customers make transactions in person or online, and ransomware/extortion attacks. In the past few months, there have been reports of the coming together of threat actors who typically operate in separate circles, selling criminal services requiring special skills.

“For example, some threat actors break into networks all day and have their own expertise. Others are experts at social engineering or phishing, or develop custom malware that standard antivirus programs won’t recognize. They advertise on the dark web and share data on activities like locking up computers with ransomware.

“Researchers got the idea to analyze the dark web to discover which companies were being targeted, so now cybercriminals share information in vague terms or directly cooperate with large ransomware groups. They may sell their expert criminal services exclusively to one steady customer they know can pay.”

What is the biggest threat on the horizon for 2020?

“More retailers will adopt proactive security strategies to protect their networks and receive alerts when threat actors are in the network. A natural consequence has been that threat actors have become more advanced in researching security products. They acquire the same security products retailers use and put smart people to work researching, reverse engineering and testing security products to learn how to evade them and obtain access to high-value targets.

“Retailers need to not just prevent and block threat actors, who always find ways to evade security software, but also detect them once they are inside the network.”