Cyber thieves hone their retail skills

Retailers are always looking for ways to operate more efficiently and it appears a similar philosophy is being employed by cyber thieves who covet their massive trove of personal information.



A new study from IBM shows that the number of cyber attacks on retailers declined by 50 percent in 2014 from 20 to 10 when compared to the prior year. However, despite the drop, thieves still made off with more than 61 million records, which is near the record high set the prior year of 73 million. The fact that cyber thieves were able to nab 61 million records with half as many attacks – thus reducing their exposure to apprehension – demonstrates increasing sophistication and efficiency.



"The threat from organized cyber crime rings remains the largest security challenge for retailers," said Kris Lovejoy, General Manager, IBM Security Services. "It is imperative that security leaders and CISOs (chief information security officers) in particular, use their growing influence to ensure they have the right people, processes and technology in place to take on these growing threats."



In contrast to the prior year, the majority of cyber attackers scaled back their hacking efforts around Black Friday and Cyber Monday. Retailers weren’t the only companies spared scourge of cyber thieves around Thanksgiving weekend. When IBM looked at the period from Nov. 24 through Dec. 5 it determined the overall number of daily cyber attacks was 3,043, nearly one third less than the 4,200 average over the same period the prior year.



Although the statistics suggest a cyber threat slowdown, the retail and wholesale industries emerged as the top industry target for attackers in 2014, a potential result of the wave of high profile incidents impacting name brand retailers. In the two years prior, manufacturing ranked first amongst the top five attacked industries while the retail and wholesale industry ranked last.



This past year, the primary mode of attack was unauthorized access via something called, “secure shell brute force attacks,” which surpassed malicious code. Malicious code was the preferred method of cyber this in 2012 and 2013. While there has been a rise in the number of point of sale (POS) malware attacks, the vast majority of incidents targeting the retail sector involved command injection or SQL injection. The complexity of SQL deployments and the lack of data validation performed by security administrators made retail databases a primary target. Over 2014, the command injection method was used in nearly 6,000 attacks against retailers, according to IBM. Additional methods include Shellshock as well as POS malware such as BlackPOS, Dexter, vSkimmer, Alina and Citadel.