Retailers Brace for Cyberthreat Onslaught Ahead of Thanksgiving Shopping Weekend as the Thanksgiving holiday approaches, and with it, the largest shopping day of the year, retailers are gearing up for a surge in digital activity. However, this anticipation comes with an increased risk as threat groups aim to disrupt critical supply chains and target customers seeking deep discounts.
Phishing as a Primary Threat Vector
Retailers are facing an elevated threat from phishing attacks, serving as an initial intrusion vector. Threat groups are employing social engineering tactics to bypass multifactor authentication and harvest credentials. This poses a significant risk as the holiday season sees an uptick in online shopping.
Rise in Friendly Engineering and AI Sophistication
The complexity of threat groups has increased with the rise of generative artificial intelligence. Large language models (LLMs) like WormGPT and FraudGPT can now generate malicious messages that are harder to detect. The use of generative AI adds a layer of sophistication to cyber threats, making them more challenging to counter.
Impact of E-commerce Traffic Surge:
With the surge in e-commerce traffic, retailers heavily rely on technology systems for order processing, inventory management, and other critical functions. Attacks targeting these systems can lead to operational disruptions, delays, and financial losses, particularly during the crucial holiday season.
Concerns about Operational Technology (OT) Systems
Retailers are increasingly concerned about potential compromises of Operational Technology (OT) systems, which could impact their ability to meet customer demand. Disruptions to OT systems can have cascading effects on various operational functions.
Cyberattack Statistics in the Retail Sector
The 2023 Threatpost Risk Index reveals that approximately 19% of retailers have proactively fallen victim to cyberattacks. Additionally, 58% express concerns about potential attacks, ranking it as the third-highest business concern behind supply chain risk and financial vulnerability.
Notable Threat Groups Targeting Retail
LockBit accounts for 33% of ransomware attacks targeting the retail sector, according to Trustwave. Other prominent threat groups focusing on retail include BlackCat/AlphV, BlackBasta, Play, and Clop.
As retailers gear up for the Thanksgiving shopping weekend, the heightened digital activity brings increased cybersecurity risks. The combination of phishing attacks, generative AI sophistication, and concerns about OT system compromises underscores the need for robust cybersecurity measures to safeguard operations and customer data during this critical period.
Cyber Security is not a Joke.... Don't Let Anyone Hurt You!
Source 2023 Threatpost Risk Index