
IBM: Retailers suffering fewer, but more damaging cyber attacks

1/6/2015

Armonk, N.Y. – Retailers are suffering fewer cyber attacks, but for hackers it is becoming a situation of quality over quantity. According to findings released by IBM, despite a 50% decline in the number of cyber attacks against U.S. retailers, the number of records stolen from them remains at near record highs.



IBM Security researchers report that in 2014, cyber attackers still managed to steal more than 61 million records from retailers despite the decline in attacks, demonstrating cybercriminals’ increasing sophistication and efficiency.



Contrary to what most would expect, the majority of cyber attackers scaled back their hacking efforts around Black Friday and Cyber Monday in 2014 rather than capitalize on the massive spike in retail spending. According to the research, cyber attackers are becoming increasingly sophisticated, using new techniques to obtain massive amounts of confidential records with increased efficiency.



Since 2012, the number of breaches reported by retailers dropped by 50%. Despite this decline, the perpetrators were able to impact a far greater number of victims with each incident. Looking at the two-week period (Nov. 24 - Dec. 5) around Black Friday and Cyber Monday, the data shows the following activity across all industries:



• The number of daily cyber attacks was 3,043, nearly one-third fewer than the 4,200 average during this period in 2013.



• From 2013 to 2014, the number of breaches dropped by more than 50% for Black Friday and Cyber Monday.



• In 2013, there were more than 20 breaches disclosed, including several large breaches that caused the number of records compromised to rise drastically, reaching close to 4 million.



• During the same period in 2014, 10 breaches were disclosed, which resulted in just more than 72,000 records being compromised.



Attackers secured more than 61 million records in 2014, down from almost 73 million in 2013. However, when the data is narrowed to only incidents involving fewer than 10 million records (which excludes the top two attacks over this time frame, Target Corp. and The Home Depot), it tells a different story: the number of retail records compromised in 2014 increased by more than 43% from 2013.



In addition, while there has been a rise in the number of POS malware attacks, the vast majority of incidents targeting the retail sector involved command injection or SQL injection. The complexity of SQL deployments and the lack of data validation performed by security administrators made retail databases a primary target. During 2014, this command injection method was used in nearly 6,000 attacks against retailers. Additional methods include Shellshock, as well as POS malware.

