Skip to main content

Cybercriminals target retail as stores reopen to the public

(Image credit: Image Credit: WNDJ / Pixabay)

As the brick and mortar retail industry awakes from its coronavirus slumber, it is met with two surprises: a huge spike in demand and an increase in cybersecurity-related incidents.

This is according to a newly released report from threat intelligence firm IntSights, which claims to have observed a spike in demand for malware targeting Point of Sale (POS), Point of Interaction (POI) and other associated on-premise payment systems.

Analyzing the black market and underground hacker forums, IntSights found that posts discussing both old and new POS malware are gaining plenty of traction.

IntSight lists three key factors retails businesses should consider when assessing cyber risk: overdue maintenance for on-premise systems, a difference in pacing between ecommerce and brick and mortar retail and PCI DSS compliance control assessment.

“Vulnerability prioritization and enrichment programs must provide evidence to auditors that the correct controls are in place with context for supporting intelligence,” reads the report.

“Proactive vulnerability identification and risk ranking are requirements in the current version of the PCI DSS (v.3.2.1). Retailers must have patch mitigation plans, formulate PCI DSS Compensating Controls, and facilitate assessment remediation.”