Infostealers Prevalent in Retail Sector Cybercrime Trends

Written by

Infostealers, IoT botnets and remote access tools have been identified as the primary weapons employed by cyber-attackers targeting retail organizations over the past year.

The findings come from Netskope Threat Labs, which has today published its latest research report focusing on cloud threats in the retail industry.

The document reveals a significant shift in retail sector use of cloud applications, particularly toward Microsoft apps like Outlook. 

OneDrive has seen a notable increase in popularity, with the percentage of users shifting from 43% to 51%, while Google Drive has experienced a decline from 34% to 23%. Outlook has surpassed Gmail as the most popular email app in retail, with twice as many malware downloads occurring via Outlook (10%) compared to the industry average (5%).

Additionally, Mirai botnet variants have increasingly targeted network devices in the retail environment, such as routers and IoT devices running Linux. Often overlooked as security risks, these devices can provide valuable information for cybercriminals or be exploited to launch DDoS attacks against other targets.

“Mirai is not a particularly recent threat, and since its discovery in 2016, there are now multiple variants used today,” said Paolo Passeri, cyber intelligence principal at Netskope.

“The fact that attackers continue to use it to target IoT devices shows that too many organizations continue to dangerously overlook the security posture of their internet-connected devices.”

Furthermore, the report highlights the growing popularity of WhatsApp in the retail sector, which is three times more prevalent (14%) compared to other industries (5.8%). Although WhatsApp is not currently listed among the top apps for malware downloads, its increasing popularity raises concerns about its potential as a future target for cyber-attacks.

Read more on the retail sector cybersecurity landscape: Three-Quarters of Retail Ransomware Attacks End in Encryption

Netskope advised retail enterprises to enhance their security by inspecting all HTTP and HTTPS downloads, scrutinizing high-risk file types and implementing policies to minimize risk exposure. Additionally, deploying an Intrusion Prevention System (IPS) to block malicious traffic patterns and leveraging Remote Browser Isolation (RBI) technology for added protection against risky websites is crucial.

“Following fundamental cyber-hygiene best practices like inspecting web and cloud traffic and ensuring you can block malicious traffic and isolate compromised endpoints or domains will reduce the risk that you fall victim to these attackers,” Passeri concluded.

What’s hot on Infosecurity Magazine?