The announcement that London and other parts of the UK would enter Tier 4 has forced non-essential retailers to move the vast majority of their operations online. These organizations can expect an even bigger surge in online consumer activity as the frantic new year sales commence.
Unfortunately, beyond the obvious challenges that Covid-19 has already created for the retail sector, this will inevitably present a much greater opportunity for cybercriminals to attack e-commerce, putting both retailers and their customers at heightened risk.
It is therefore imperative that retailers take proactive steps to reduce the risk of cybercrime. Security teams must embrace the latest innovations in technology to stay ahead of hackers. With cybercriminals continuously looking to outpace and outsmart traditional defenses, hundreds of retail organizations have recently turned to artificial intelligence to fight back, protecting their customers’ critical data.
2020: The year cybercrime went from bad to worse
Even before the sudden and unforeseen changes brought about by the onset of the pandemic, the retail sector was facing an onslaught of increasingly sophisticated cybercrime. This is largely due to the nature of e-commerce—the online traffic it drives, the pace at which it continues to develop, as well as the design of online stores.
2020 has accelerated this trend. In February, Estée Lauder suffered a massive data breach which exposed 440 million records online. In the following months, a series of successful attacks coordinated by cybercrime syndicate Magecart targeted household names like Nutribullet and Claire’s, severely infecting the retailers’ websites and enabling hackers to access customer credit card data.
A further notable attack which occurred this year involved Boots, the British health and beauty retailer. The company was forced to suspend payments using loyalty points in shops and online after hackers attempted to break into customers' accounts using stolen passwords. This was a typical case of an attack known as ‘credential stuffing’, where the hackers take advantage of a previous data leak and download thousands of stolen passwords from the dark web, before reusing those credentials to sign into other online accounts.
These attacks are helped by the fact that many people reuse the same usernames and passwords across multiple accounts – meaning a single data leak can result in five or more successful account takeovers. Although password managers and multi-factor authentication can help prevent these attacks, trust should not be placed solely in the individual—the responsibility is principally held by the organizations that are providing the online services.
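Credential stuffing leaves a distinctive trace on the service provider's side, which is why the article places the responsibility with the organization: each leaked password is tried once, against many different usernames, from a small number of sources. A brute-force detector that counts failures per account misses this, because no single account sees many failures. The following detector, an added example that is not code from the article or from Darktrace, looks instead for one client address touching many distinct usernames inside a short window, and reports which of those logins succeeded so that the affected accounts can be forced through a password reset or step-up authentication. The log format (one line per attempt: timestamp, client IP, username, result) and the sample lines are constructed for the example.

```python
"""Credential-stuffing detection over constructed login logs (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample. 203.0.113.9 replays leaked username/password pairs,
# one attempt per account; 198.51.100.4 is an ordinary user who mistyped once.
SAMPLE_LOG = """\
2020-12-21T02:00:01Z 203.0.113.9 alice LOGIN_FAIL
2020-12-21T02:00:02Z 203.0.113.9 bob LOGIN_FAIL
2020-12-21T02:00:03Z 203.0.113.9 carol LOGIN_OK
2020-12-21T02:00:04Z 203.0.113.9 dave LOGIN_FAIL
2020-12-21T02:00:05Z 203.0.113.9 erin LOGIN_FAIL
2020-12-21T02:00:06Z 203.0.113.9 frank LOGIN_OK
2020-12-21T02:00:07Z 203.0.113.9 grace LOGIN_FAIL
2020-12-21T09:15:00Z 198.51.100.4 alice LOGIN_FAIL
2020-12-21T09:15:20Z 198.51.100.4 alice LOGIN_OK
2020-12-21T09:30:00Z 198.51.100.7 heidi LOGIN_OK
"""


def parse_line(line):
    """Split one assumed-format log line into (timestamp, ip, user, result)."""
    ts, ip, user, result = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, ip, user, result


def detect_credential_stuffing(log_text, window=timedelta(minutes=5), min_distinct_users=5):
    """Flag source IPs that try >= min_distinct_users distinct usernames within `window`.

    Returns {ip: {"distinct_users": n, "compromised": {users whose login succeeded
    during the flagged burst}}}. Thresholds are assumptions; tune them to the
    site's real traffic (shared NAT addresses need a higher bar).
    """
    events_by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            when, ip, user, result = parse_line(line)
            events_by_ip[ip].append((when, user, result))

    findings = {}
    for ip, events in events_by_ip.items():
        events.sort()
        recent = deque()  # sliding window of (when, user, result) for this ip
        for when, user, result in events:
            recent.append((when, user, result))
            while recent and when - recent[0][0] > window:
                recent.popleft()
            distinct = {u for _, u, _ in recent}
            if len(distinct) >= min_distinct_users:
                hits = {u for _, u, r in recent if r == "LOGIN_OK"}
                entry = findings.setdefault(ip, {"distinct_users": 0, "compromised": set()})
                entry["distinct_users"] = max(entry["distinct_users"], len(distinct))
                entry["compromised"] |= hits
    return findings


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {info['distinct_users']} usernames tried, "
              f"successful logins for {sorted(info['compromised'])}")
```

On the sample, only 203.0.113.9 is flagged: seven usernames in a few seconds, two of which logged in. That low-but-nonzero hit rate is exactly the pattern the article describes, where one leak yields several takeovers, and it is why the response has to go beyond blocking the source: the accounts that succeeded need to be treated as compromised.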
Ransomware: the quickest route to a tidy profit
Since wreaking havoc in both corporate and governmental organizations in 2019, ransomware has once again risen this year: Darktrace has seen attempted attacks on its customers rise by over 20 percent in the last twelve months. One of the most lucrative ransomware strains of this year is known as Sodinokibi. Its creators, cyber-criminal gang REvil, claim that the strain of malware has bagged them over $100 million in profits this year alone.
Sodinokibi is a typical modern-day ransomware attack, in that, before encryption, it tends to exfiltrate the data as well. This form of “double-threat” is a technique increasingly adopted by profit-seeking cyber-criminals, who can threaten to leak stolen data should a target organization not comply with their demands. Sodinokibi also makes heavy use of code obfuscation and encryption techniques to evade detection by signature-based anti-virus solutions.
Darktrace recently detected a Sodinokibi ransomware attack targeting a major retail organization, which began when the credentials of a highly privileged member of the retail organization’s IT team were compromised. REvil is known to make use of phishing emails, exploit kits, server vulnerabilities, and compromised MSP networks for initial intrusion. In this case, the attacker used the compromised IT credentials to access a domain controller and exfiltrate data directly after initial reconnaissance.
Why smart attackers strike at night
This incident was characteristic of modern-day cyber-attacks, which are increasingly carried out at night or on the weekend, as this is predictably when the response times of security teams are at their slowest. Despite the understaffed security team being away from their laptops, every stage of the attack was detected by AI cyber defense, which then automatically launched an investigation, stitching together disparate events across the digital estate and generating an incident summary. When the security team returned, hours of ‘triage time’ were reduced to just a few minutes, and they were able to action a response before encryption began.
AI is likely to become an increasingly important ally to human defenders in the ongoing cyber war. The technology is always on – it doesn’t take breaks or make mistakes, and it augments human defenders at a time that will make or break many retailers.
How AI learns your ‘digital DNA’
This attack slipped under the radar of a range of traditional security tools deployed by the organization, using local tools to blend into regular traffic – a technique known as ‘living off the land’. However, for artificial intelligence continuously learning the normal ‘pattern of life’ for every user and device, the attack was easy to spot.
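The two preceding sections rest on one idea: an attacker using legitimate credentials and built-in tools produces no signature to match, but does produce behaviour that the account in question has never shown before (a Saturday night session, a first-ever connection to a domain controller, an egress volume far above anything previously seen). The script below is an added example, not Darktrace's code or any description of how its product works; it is a plain rule-based sketch of "pattern of life" scoring so the idea is concrete. It learns, per account, the (weekend, hour) slots, hosts and largest outbound transfer seen in a baseline period, scores each new event by how many of those it departs from, and groups the flagged events per account into a single incident summary of the kind a night-shift analyst would want to find in the morning. The event fields, the baseline data and the thresholds are all constructed assumptions.

```python
"""Pattern-of-life baseline and incident summary (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed baseline for one IT administrator: weekday, daytime sessions to
# two help-desk/file hosts with small outbound volumes. A real baseline would
# span weeks; a handful of events is enough to show the mechanism.
BASELINE = [
    # (timestamp, account, host, bytes_out)
    ("2020-12-07T09:12:00Z", "it-admin", "helpdesk-01", 20_000),
    ("2020-12-07T14:30:00Z", "it-admin", "helpdesk-01", 35_000),
    ("2020-12-08T10:05:00Z", "it-admin", "fileserver-02", 50_000),
    ("2020-12-09T11:45:00Z", "it-admin", "helpdesk-01", 18_000),
    ("2020-12-10T16:20:00Z", "it-admin", "fileserver-02", 42_000),
    ("2020-12-11T09:50:00Z", "it-admin", "helpdesk-01", 27_000),
]

# Constructed new activity: two Saturday-night events against a domain
# controller the account has never touched, the second with a very large
# outbound transfer, followed by an ordinary Monday-morning session.
NEW_EVENTS = [
    ("2020-12-19T23:40:00Z", "it-admin", "dc-01", 15_000),
    ("2020-12-19T23:55:00Z", "it-admin", "dc-01", 900_000_000),
    ("2020-12-21T10:00:00Z", "it-admin", "helpdesk-01", 30_000),
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_profiles(events):
    """Learn, per account, the time slots, hosts and peak egress seen in the baseline."""
    profiles = defaultdict(lambda: {"slots": set(), "hosts": set(), "max_bytes": 0})
    for ts, account, host, bytes_out in events:
        when = parse_ts(ts)
        profile = profiles[account]
        profile["slots"].add((when.weekday() >= 5, when.hour))  # (is_weekend, hour)
        profile["hosts"].add(host)
        profile["max_bytes"] = max(profile["max_bytes"], bytes_out)
    return profiles


def score_event(profile, ts, host, bytes_out, egress_factor=10):
    """Return the list of ways this event departs from the account's baseline."""
    when = parse_ts(ts)
    reasons = []
    if (when.weekday() >= 5, when.hour) not in profile["slots"]:
        reasons.append("unusual time")
    if host not in profile["hosts"]:
        reasons.append(f"new host {host}")
    if bytes_out > egress_factor * profile["max_bytes"]:
        reasons.append("egress volume")
    return reasons


def summarise_incidents(profiles, events, min_reasons=2):
    """Stitch events with >= min_reasons deviations into one incident per account."""
    incidents = defaultdict(list)
    for ts, account, host, bytes_out in events:
        if account in profiles:
            reasons = score_event(profiles[account], ts, host, bytes_out)
        else:
            reasons = ["no baseline for account"]
        if len(reasons) >= min_reasons:
            incidents[account].append((ts, host, reasons))
    return dict(incidents)


if __name__ == "__main__":
    for account, events in summarise_incidents(build_profiles(BASELINE), NEW_EVENTS).items():
        print(f"Incident for {account}:")
        for ts, host, reasons in events:
            print(f"  {ts} {host}: {', '.join(reasons)}")
```

Requiring two independent deviations before an event joins an incident is what keeps the Monday session out of the summary while the Saturday-night domain-controller access, with its later surge in outbound data, is caught at both stages. The same logic makes "living off the land" visible: nothing about the tools used is checked, only whether this account, on this host, at this hour, moving this much data, matches what it has done before.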
AI-powered security technology is a vital aid in helping companies overcome e-commerce obstacles, especially if they are to make the most of the lucrative online sales opportunity that this holiday season presents. It automatically fights back against the full range of threats – from ransomware and data loss to account takeover and cloud misconfigurations, by recognizing subtle anomalies that other tools miss.
As consumers in numerous areas of the country are unable to visit non-essential retailers, many will continue to conduct their shopping online for the foreseeable future. However, with many retailers lacking the experience, skills and potentially the protective tools to detect and prevent attacks, it is crucial that they prioritize cyber security. The latest innovations in technology will be essential in helping retailers cope with the unprecedented online demand and inevitable increase in cybercriminal activity.
Andrew Tsonchev, Director of Technology, Darktrace