

Retailers are Opening Their Doors Again, and Hackers are Entering

Kevin Diffily
July 28th, 2020
Every industry was affected by the global economic shutdown brought on by the COVID-19 pandemic, and retail was perhaps the most visibly impacted of any sector. Brick-and-mortar retailers were closed to the public while grocery stores and ecommerce saw an unprecedented volume of traffic. As a result, internet-connected devices retailers were using in their stores – POS systems, IoT devices, computer operating systems, etc. – largely lay dormant, without receiving any maintenance, system updates, or patching.
Meanwhile, cybercriminals have taken full advantage of the world’s health crisis, attacking healthcare organizations, offering fake vaccines and tests on black markets, and exploiting new vulnerabilities created by the workforce’s shift to working primarily from home. Now that the spread of the coronavirus has been contained in many geographies, retailers around the world are being permitted to reopen their brick-and-mortar stores.
But this means retailers could be next in the line of fire as threat actors prey on unpatched systems. The image to the right is an example of a hacker selling malware designed to attack POS systems in a dark web forum.
IntSights recently published a report on the cyber threat landscape in the retail sector. Here’s what security teams need to know about the impact reopening physical stores could have on their systems.
The Return to Normalcy Will be Anything But Normal
As storefronts reopen to consumers around the world, the entire industry is experiencing a “start-of-life” event that will require a great deal of diligence. Staff members will be charged with dusting off idle systems and revisiting existing maintenance plans to make sure they are patched or fitted with valid and tested compensating security controls.

But security teams may need to rethink their mitigation strategies as new threats emerge, as the sheer volume of cyberattacks levied against retailers could be devastating to the unprepared. The surge in activity will likely force security practitioners to adapt on the fly and proactively identify vulnerabilities before they are exploited by sophisticated cybercrime groups.
Cyberattacks Against eCommerce Could Serve as Decoys
Hackers use distraction to their advantage when exploiting victims. While ecommerce retail has been a primary target for threat actors during the COVID-19 pandemic, the reopening of physical retail could provide the opportunity to operate in stealth. There are now more security distractions in the retail sector than ever before.
As the retail sector has attempted to pace its priorities between online and in-store security needs, hackers have adjusted their attack patterns to capitalize on the frenzy to steal sensitive data. They have targeted components within retail systems that may be overlooked as less of a threat or that are no longer supported, and that may slip through the cracks due to the increased stress and distractions in the industry.
PCI DSS Compliance is Becoming Even More Important
At a time when retailers face daunting financial challenges, neglecting cyber-regulation and security alignment is not an option. In fact, PCI DSS assessment is more important than ever, providing a foundational, prescriptive, and reliable roadmap for retail businesses to follow during a time of unprecedented stress and elevated security threats.
The recent spike in threat activity targeting the retail sector during the COVID-19 pandemic will mean significant challenges for any PCI DSS-covered business. Organizations will be exposed to unwanted attention, potential financial penalties for non-compliant card brand use, and, in the event of a data breach, fines and additional assessment scrutiny.
Version 4.0 of PCI DSS is expected to reinforce the call for further enrichment and validation of methods and procedures that promote proactive security. Retailers will benefit from adopting a proactive vulnerability identification process fueled by context-rich, intelligence-based prioritization, like IntSights Vulnerability Risk Analyzer.
To learn more about the state of the retail cyber threat landscape in the midst of the COVID-19 pandemic, read our full report.

Kevin Diffily
Kevin Diffily is a Product Marketing Manager at IntSights. He strives to provide security teams with the knowledge and tools they need to enable proactive defense against emerging cyberattacks. Kevin has a background in journalism, brand development, content marketing, and social media management. He received his B.A. in Communication from Curry College and his M.A. in Integrated Marketing Communication from Emerson College. He is a staunch proponent of gratuitous Oxford comma use.