This comprehensive report highlights the evolving cybersecurity threats faced by the retail sector, emphasizing attack methods such as phishing, bot attacks, and third-party vulnerabilities. Key statistics reveal widespread malware use, increased automation in attacks, and significant risks from supply chain breaches, with recommendations to enhance defenses against these persistent threats. #DarkGate #Clop
Key points
- Annual cybersecurity reports from major vendors typically consist of sections such as Executive Summary, Emerging Threats, Sector-Specific Attacks, Attack Flow Analysis, Threat Actor Profiles, and Mitigation Strategies, providing a structured overview of industry challenges and defenses.
- Key statistics indicate phishing accounts for over 70% of email-borne attacks, with sophistication increasing due to Generative AI-powered tools like WormGPT and FraudGPT, which create convincing, personalized malicious content.
- Automated bot attacks, including scalping and checkout scams, surged during holiday seasons, with types like GrinchBots and FreebieBots causing stock shortages and exploiting pricing errors, impacting operational costs and customer satisfaction.
- Third-party vendor vulnerabilities remain a critical risk, exemplified by large breaches such as MOVEit exploits affecting retailers like TJX and Estée Lauder, underscoring the importance of vendor security audits and vulnerability management.
- The typical attack flow involves initial footholds via phishing, login vulnerabilities, or exploitation of software gaps, followed by lateral movement, malware deployment (e.g., RATs, infostealers, ransomware), and data exfiltration, with proactive mitigation steps at each stage.
- Recurring themes include the rise of AI-driven attack methods, the need for layered security measures, and the importance of thorough vulnerability assessments, traffic filtering, and third-party risk management to prevent and respond to breaches.
- Notable threat actors such as Clop, BlackCat/ALPHV, LockBit, and Royal continue targeting retail organizations, using tactics like vulnerability exploitation, credential theft, and malware deployment to facilitate data theft and financial fraud.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)