Stolen credentials play a major role in retail data breaches, according to the 2021 Verizon Data Breach Investigations Report.
Study results indicate that the top cyberattack patterns in the retail sector are system intrusion, social engineering (such as phishing), and basic web application attacks. Across 165 incidents with confirmed data disclosure, 42% of the breaches involved payment data, followed closely by personal data (41%). Credentials (33%) and other data types (16%) made up the rest of the confirmed data breaches.
The 165 confirmed breaches occurred within 725 total incidents recorded by Verizon. According to Verizon, the main cause of this large gap between total incidents and confirmed breaches was the large number of denial-of-service attacks (409) launched against the retail sector to disrupt online operations.
The top retail cyberattack pattern was system intrusion, which typically involves the use of stolen credentials to install malware that captures application data. Verizon analysts went as far as to call stolen credentials the universally loved “glazed donut” of data types for hackers.
Social engineering followed, with common usage of the “pretexting” scam, where a fraudster invents a phony scenario to convince a victim to transfer money. Together, system intrusion, social engineering and basic web application attacks comprised 77% of retail breaches recorded by Verizon.
Other interesting findings include:
• 84% of retail threat actors in recorded breaches were external, 17% were internal, 2% consisted of multiple external/internal actors, and 1% were retail partners.
• 99% of recorded retail breaches were financially motivated. Espionage drove the remaining 1%.