IBM: Retail attacks down, but when they hit cyber-attackers get more

In 2014 unauthorized access via Secure Shell Brute Force was most trendy attack; Shellshock as well as POS malware such as BlackPOS, Dexter, vSkimmer, Alina and Citadel were also prevalent.

IBM says there's good and bad news when it comes to retail cyber attacks: While overall network assaults are down by 50%, when they hit, cyber-attackers get a ton of data.

+ More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2014 +

According IBM, cyber attackers are becoming increasingly more sophisticated, using new techniques to obtain massive amounts of confidential records with increased efficiency. For example, since 2012 the number of breaches reported by retailers dropped by 50%, but in 2014 cyber attackers still managed to steal more than 61 million records, according to Big Blue's 2014 Retail Research and Intelligence Report and the Holiday Trends: Black Friday/Cyber Monday Research and Intelligence Report.

Delving into that 61 million number, IBM noted it too is down from almost 73 million in 2013. "However, when the data was narrowed down to only incidents involving less than 10 million records (which excludes the top two attacks over this timeframe, Target Corporation and The Home Depot), the data shows a different story--the number of retail records compromised in 2014 increased by more than 43% over 2013."

Despite this "cyber threat slow down," the retail and wholesale industries emerged as the top industry target for attackers in 2014, a potential result of the wave of high profile incidents impacting name brand retailers. In the two years prior, manufacturing ranked first among the top five attacked industries while the retail and wholesale industry ranked last, IBM said.

This past year, the primary mode of attack was unauthorized access via Secure Shell Brute Force attacks, which surpassed malicious code, the top choice in 2012 and 2013.

Some other interesting points from the IBM survey:

  • While there has been a rise in the number of Point of Sale (POS) malware attacks, the vast majority of incidents targeting the retail sector involved Command Injection or SQL injection. The complexity of SQL deployments and the lack of data validation performed by security administrators made retail databases a primary target. Over 2014, this Command Injection method was used in nearly 6,000 attacks against retailers. Additional methods include Shellshock as well as POS malware such as BlackPOS, Dexter, vSkimmer, Alina and Citadel

  • Contrary to what most would expect, the majority of cyber attackers scaled back their hacking efforts around Black Friday and Cyber Monday in 2014 rather than capitalize from the massive spike in retail spending. When looking at the two week period (Nov. 24 - Dec. 5) around these days, the data shows the following activity across all industries:

-The number of daily cyber attacks was 3,043, nearly one third less than the 4,200 average over this period in 2013.

-From 2013 and 2014, the number of breaches dropped by more than 50% for Black Friday and Cyber Monday.

-In 2013, there were more than 20 breaches disclosed including several large breaches that caused the number of records compromised to rise drastically, reaching close to 4 million.

-Over the same period in 2014, 10 breaches were disclosed which resulted in just over 72,000 records getting compromised.

Join the CSO newsletter!

Error: Please check your email address.

Tags TargetIBMsecurityHome Depotintelmalware

More about Big BlueCitadelHome Depot

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Cooney

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts