The story so far
Retail and hospitality industries are in the midst of a technology adoption boom. Digital channels are being expanded as consumers go online at all stages of the purchase process—from information gathering, to pre-purchase, to post-purchase service.
iDefense and RH-ISAC analysis found that cybercriminals and cyber-espionage groups remained active throughout 2018. The retail and hospitality sectors are diverse, and the threats were distributed across much of the sector. Compared with other malicious indicators, malspam (cybercriminal malicious e-mail campaigns) accounted for the highest volume of RH-ISAC member reporting during 2018. This activity is a global problem, with campaigns observed daily, and is likely to continue.
The iDefense and RH-ISAC teams have highlighted the following four key topics as important threat considerations for organizations within the retail sector:
- Strategic threat landscape and horizon scan: Technology innovation in the sector could draw significant investment and lead adversaries to evaluate opportunities as a result of that spend.
- Cyber espionage impacting hospitality: Personally identifiable information stolen from hospitality organizations, or their clientele, can be used for purposes beyond financial gain, such as to track travel patterns of high-value targets.
- Analysis and comparison of point-of-sale malware families: Despite the widespread adoption of chip cards in the United States, attackers continue to find ways to steal credit card information, often offering it for sale to criminals or exploiting the data themselves.
- Virtual skimming threat activity poses risk to payment card data: The demand for new skimmer development and deployment could grow as more and more global consumers use mobile applications for purchasing.
Looking forward into 2019 and beyond, organizations can anticipate continued targeting, both strategic and opportunistic, by cybercriminals as well as nation states. Chatbots, eCommerce frameworks and digital assistants may continue to be at the center of incidents leading to theft of payment card data. Nation-state interest in retail, hospitality, food and beverage is likely to continue in the coming years. Industry-agnostic threats, such as ransomware and destructive malware, are likely to be used in future campaigns.
Three actions can be taken to drive proactive defense:
- Adopt a continuous response model—always assume you have been breached—and use your incident response and threat hunting teams to look for the next breach.
- Strive to distinguish cybercrime from espionage or commodity from targeted activity.
- Share intelligence about threats to aid the sectors in starting conversations around mitigating the risks in a more disruptive but coordinated fashion.