Retailers a prime target for cyber criminals in '12, says Trustwave

By John P. Mello Jr.

Retailers have become prime targets for cyber criminals, according to a report released Tuesday by Trustwave.

For the first time in three years, retailers accounted for the highest percentage of investigations done by the company, which provides security compliance management services.

Nearly half (45%) of the attacks investigated by Chicago-based Trustwave were aimed at retailers, according to the company's 2013 Global Security Report -- substantially more than other top targets: the food and beverage (24%) and hospitality (9%) industries.

Cyber criminals are realizing just how fat a target retail represents, said Chris Pogue, Trustwave's director of incident response and forensics. "There are eight to nine million retail merchants in the United States. That's a whole lot of potential targets."

Pogue noted that pinning a number on the losses retailers suffer annually from cyber crime is difficult. "If I had to guess, it's in the billions," he said.

The motivation for targeting retailers is one that spans decades, according to Jeff Williams, director of security strategy at Dell Secureworks. "They go where the money is and they go there often," he said.

Pogue argued that retailers are more vulnerable because their core competency is not cybersecurity. As a result, basic security steps aren't taken, giving attackers an avenue into their systems. Those vulnerabilities include remote system administration that's enabled at all times; weak passwords; and default accounts with administrative privileges.

According to the report, the most common password is still Password1, and an analysis by Trustwave of three million user passwords revealed that half of all users chose passwords that met the bare minimums for their organizations.
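
An added example (not from the Trustwave report or this article) of why a password can meet an organization's bare minimum and still be weak: under an assumed complexity-only policy, Password1 passes, and it is only rejected once it is reduced to its base word and compared against a list of common words. The policy, the word list and all function names are assumptions made for illustration.

```python
import re

# Assumed minimum policy (not from the report): 8+ chars, upper, lower, digit.
MIN_LENGTH = 8
# Constructed sample list of common base words; a real deployment would load
# a large corpus of known-breached passwords instead.
COMMON_BASES = {"password", "welcome", "letmein", "qwerty", "summer", "admin"}
# Undo the simple character swaps users apply to dictionary words.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})


def meets_minimum(pw: str) -> bool:
    """True if pw satisfies the assumed complexity-only policy."""
    return (len(pw) >= MIN_LENGTH
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"\d", pw) is not None)


def base_word(pw: str) -> str:
    """Reduce pw to the word it was built from: strip the trailing run of
    digits/symbols, lowercase, then reverse leet substitutions."""
    core = re.sub(r"[\d\W_]+$", "", pw)
    return core.lower().translate(LEET)


def evaluate(pw: str) -> str:
    """Apply the minimum policy first, then the common-base-word check."""
    if not meets_minimum(pw):
        return "reject: below minimum policy"
    if base_word(pw) in COMMON_BASES:
        return "reject: common base word"
    return "accept"


def audit(passwords):
    """Return passwords that pass the minimum policy yet are easily guessed."""
    return [p for p in passwords if evaluate(p) == "reject: common base word"]


if __name__ == "__main__":
    # Constructed sample input, not data from the report.
    sample = ["Password1", "P@ssw0rd2012", "password", "Tr4il-Mix-Kettle-92"]
    for pw in sample:
        print(f"{pw:22} minimum={meets_minimum(pw)!s:5} -> {evaluate(pw)}")
```
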

Network marauders have an advantage over network defenders, Williams said. "There are weak links in any chain that can be exploited. An attacker only needs to find one of those links to get a foothold in a network.

"That makes the game easier for the attackers than the defenders, particularly if the defenders don't consider themselves a target."

Compounding matters, retailers don't always consider themselves to be targets, Trustwave reported. "There is a misconception that these organizations are not a target," the report said. "In practically all of the 2012 investigations, this statement was made in just about every case: 'Why me?'

"The answer can only be 'Because you have something worth taking that is not protected.'"

Not all retailers are lax on security, Pogue said. Cloud retailers like Amazon and Google Pay are much more proactive. "They go through exhaustive lengths to protect their hundreds and hundreds of millions of potential customers," he said.

"We haven't seen any breaches up to this point where a cloud-based service was attacked," Pogue said. "I think those are high-value targets, so they're probably being worked on now by someone."

"I fully anticipate we'll see [a breach] at some point," he said, "and when we do, it's going to be front and center in the news because it's going to affect so many people."

In addition to its findings about attacks on retailers, Trustwave found:

  • Web applications have become the most popular attack vector, with e-commerce sites being the top targeted asset.
  • Mobile malware exploded in 2012, with the number of samples in Trustwave's collection growing by 400%.
  • Almost two-thirds (63%) of cyber incident investigations are being farmed out by organizations to third parties.
  • The average time for a business to detect a data breach is 210 days, 35 days longer than it was in 2011.
