Retailers new targets for cyberattacks
Many recent cyberattacks have been targeted at retailers who are becoming increasingly more vulnerable. In some cases, attacks on retailers have not only paralysed the business, but also society. These attacks show how vulnerable society is and that security has not kept up with the pace of digitalisation. So, how can retailers increase their security and stop this trend?
Cyberattacks on retailers
During the past year, several retailers have been subjected to cyberattacks, including NA-KD, Synsam and tretti.se. In June 2021, Bauhaus was hit by a major IT attack, which caused technical problems for stores in several countries. In Sweden alone, 22 department stores and 4,000 employees were affected when e-commerce, connections, business systems and stock data were down.
The latest report on major IT breakdowns concerned the food chain Coop. 800 Coop stores were forced to close for several days due to an IT attack that shut down their payment system. The attack was part of a larger global event targeting the American software company Kaseya. Several other Swedish and international companies were affected by the same event, such as the pharmacy chain Apoteket Hjärtat, the train company SJ and the St1 petrol chain.
Why are attacks on retailers so serious?
Retailers are particularly vulnerable as they depend on their IT systems. For some, a large part of their sales takes place over the internet. Since much is managed digitally, but might not have sufficient protection, there is a risk that retailers are not prepared for an attack. This could make them a target for cybercriminals.
As businesses in IT increasingly rely on third parties and service providers, the resilience of the supply chains becomes critical. Supply chains can many times form complex webs of interconnected, multi-level delivery chains, where different providers are linked to customers and also to each other. A breach in one of these links can have a direct ramification on a vast number of businesses. The effects can spread from a local incident to global in an instance, when taking into account that many businesses and IT providers are international. The attack that hit Coop was, as previously mentioned, aimed at the software supplier Kaseya. Kaseya has 37,000 customers and their software aims to ensure that IT environments maintain good security. The attack was thus not aimed at Coop but at a major supplier, which shows the spread that such an attack can have.
What can retailers do?
Nowadays, practically all businesses have to rely on software supply chains, even in the case of an on-premise IT-infrastructure and local maintenance. Also, all software, whether it is an operating system or business application, need updates from vendors to implement new features, fix bugs or patch critical vulnerabilities. These updates are downloaded from the vendor, or from some other trusted party through the internet. In some cases, portable media (e.g. USB) can be used to decrease the risk of it to be tampered with by a malicious outside actor.
When implementing software updates, it is good security practice to use only trusted sources and verify the integrity of the update packages by checking that the HASH-sum of each downloaded package matches the sum informed by the vendor. But what if someone tampers the package by placing additional payload, like a backdoor, ransomware or any other malicious content to the package at the source, the vendor? In this case, the vendor's infrastructure would have been breached and the malicious content is placed in the software package without the vendor's knowledge. For the businesses using or providing it to their customer, the integrity of the software packages would appear to be OK and the source would seem trustworthy.
Advenica has a unique, high assurance solution, File Security Screener (FSS), to ensure the security of the transferred files and to considerably reduce the risk of transferring malicious file content placed in files such as software updates. The FSS is an automated solution to analyse and sanitise the file content with 30+ antivirus engines. The solution uses Advenica’s high assurance unidirectional gateways, data diodes, to ensure the highest possible segregation of the customer infrastructure from external networks. The FSS provides the most secure and comprehensive up-to-date protection in the market for businesses against software supply chain attacks and other for other file-based vulnerabilities.
Do you want to know more about the File Security Screener? Read more about the solution!
Read more about what society can do to become less vulnerable!