Retail Cyber attacks - Increasing Data Breaches Against Retailers

Retailer data breaches are increasingly common as cyber criminals execute high-value retail cyberattacks. Retail industry cyberattacks are a lucrative target for attackers, given retailers’ reliance on the internet for public-facing websites and web applications.

Retail market cyberattacks can be hugely damaging to organizations, resulting in service interruptions, periods of downtime, lost sales, and data loss. For example, the National Retail Security Survey found that cyber risks dominate retailers’ risk concerns, with retailers considering e-commerce crime (29%), cyber-related incidents (27.5%), and organized retail crime (27.5%) their biggest risk priorities over the previous five years.  

Retail cybersecurity is crucial to protecting organizations from a wide range of cyberattacks. Typical forms of cyberattack on the retail industry include:

One of the most prominent attack vectors targeting the retail industry is automated attacks launched by bots. Automated bot attacks enable cyber criminals to infiltrate or overwhelm web applications and websites with vast amounts of internet traffic. Many retailers also use bots to monitor their competitors, track inventories, and price-scrape products.

In February 2018, bots were used to carry out a substantial cyberattack against software development platform GitHub. It generated peak traffic of 1.35 terabits per second (Tbps), which took the website down for five minutes.

Application programming interfaces (APIs) enable retailers to simplify tasks like data sharing and system connectivity. However, APIs often are not designed with security in mind, which results in them leaking data and leaving organizations vulnerable to cyberattacks. Cyber criminals can exploit APIs through various methods, such as injection attacks, authentication hijacking, and man-in-the-middle (MITM) attacks. 

Distributed denial-of-service (DDoS) attacks are a form of bot attack, in which attackers use botnets to try and overload servers with vast volumes of internet traffic. A massive DDoS attack targeted Amazon Web Services (AWS) in February 2020. It amassed incoming traffic of 2.3 Tbps after cyber criminals hijacked web servers of the Connection-less Lightweight Directory Access Protocol (CLDAP), which has become a common target for DDoS attacks.  

ATO attacks are a form of fraud and identity theft, which occurs when a cyber criminal gains unauthorized access to a victim’s online account. The attacker then poses as the user to change their account details, launch phishing attacks, steal data or financial information, and launch broader attacks against an organization. ATOs are commonly used in conjunction with bot attacks, phishing, and social engineering techniques.

Retail organizations are especially susceptible to credit card fraud. Cyber criminals can hack a website to steal financial information and use other attack vectors to intercept credit card data to make unauthorized purchases or steal money. For example, one of the biggest credit card fraud in U.S. history saw hackers amass over $200 million after stealing the details of over 10,000 credit cards and creating more than 7,000 false identities. 

Inventory hoarding is a form of bot attack in which cyber criminals target retail websites and automatically add products to shopping carts but do not complete the purchase. This process, also known as denial of inventory, prohibits genuine customers from purchasing in-demand products and prevents retailers from making sales. It can also lead to retailers requesting unnecessary stock replenishments from suppliers and manufacturers.  

Refund fraud involves a cyber criminal defrauding a retailer through the return process. A typical example of this is returning stolen items in an attempt to secure cash, stealing receipts to enable falsified product returns, and using another person’s receipt to steal a product. Refund fraud results in $18.4 billion of annual losses for U.S. retailers, according to research by Appriss Retail. 

According to Statista, by 2025, the world's installed base of connected Internet-of-Things (IoT) devices will total 30.9 billion. This offers advanced levels of connectivity but leaves organizations vulnerable to cyberattacks as IoT devices often lack the required built-in security. 

The most significant example of the threat of IoT retail market cyberattacks was the DDoS-based attack on Dyn, an internet performance management company, that infected IoT devices to flood websites with traffic. 

Gift card hacking enables attackers to steal money, make unauthorized purchases, convert balances into real currency, and steal user login credentials to carry out more comprehensive attacks and identity fraud. These attacks typically target significant events like Christmas and Valentine’s Day and often use bots to steal sensitive information.

A POS attack targets physical transaction devices to intercept and steal financial data. It usually involves malware being deployed on devices, such as card payment machines, to capture the information they process. 

Insider threats are a significant risk to the retail industry because of high employee turnover rate. Insider threats involve employees stealing corporate data or selling sensitive information to third-party organizations or competitors.

Fortinet solutions help retailers fight cyber crime with a comprehensive range of network and security technologies. The Fortinet Solution for Retail provides retail organizations with enhanced visibility and management of their IT networks and systems without sacrificing user experience or incurring high costs. The Fortinet retail cybersecurity solution includes tools that protect organizations’ entire attack surface, such as next-generation firewalls (NGFWs) and secure wired and wireless access points. 

For more information on how Fortinet can help protect retail organizations, watch this software-defined wide-area networking (SD-WAN) demo for retail security.