How Retailers Can Guard Against SIM Swapping and Evolving Cyber Threats

Rising Cyber Attacks and Their Threat to the Retail Sector


Persistent Threats: The retail sector is currently facing an increasing wave of highly dangerous cyber attacks, once again highlighting the persistent threats of security breaches. Last April, Co-op was forced to disable its technology systems to prevent attackers from deploying malware, which affected its ordering and inventory management operations. Although company representatives confirmed that they managed to avoid the worst consequences of the attack, the incident underscores the importance of a rapid response.

Impact of M&S Attacks: More significantly, M&S suffered a successful cyber attack that halted its online order acceptance, leaving its shelves empty. The company is still dealing with the aftermath of this breach, expecting its commercial operations to return to normal after several months.

Rise of SIM Swapping Attacks and Identity-Based Threats

The Common Thread of Breaches: The common thread among these prominent retail sector breaches is the attackers' reliance on employee data to carry out SIM swapping operations and fraud to gain unauthorized access to systems, tactics that are seeing an alarming increase. SIM swapping involves attackers exploiting stolen personal information to impersonate individuals and contact mobile phone companies, falsely claiming they need a new SIM card due to loss or damage. If successful, the mobile phone company transfers the victim's phone number to the attacker's new SIM card, enabling them to bypass two-factor authentication and access the victim's accounts.

Increase in SIM Swapping Attacks: The UK's National Fraud Database reported a staggering 1,055% increase in SIM swapping attacks in 2024, with the number of cases rising from 289 in 2023 to nearly 3,000 in 2024 (Mobile ID World).

Identity-Based Attacks: These attacks fall under the category of identity-based attacks, which consistently represent the greatest threat organizations face. According to Expel's Q1 2024 report, identity-based attacks (such as account compromise and takeover) accounted for 61% of all security incidents observed by their Security Operations Center (SOC) (Expel).

Exploiting Human Vulnerabilities: With M&S confirming that human error lay behind the attack and its consequences, it is clear that attackers continue to exploit human and credential-related vulnerabilities, exposing organizations to financial losses and potentially catastrophic reputational damage.
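The SIM swap described above leaves a recognisable trail in an identity provider's logs: the victim's MFA phone number changes, and shortly afterwards a password reset or a login from a new device is completed with an SMS one-time code. The following Python is an added example (not code from the article or from Expel) of detection logic that correlates those events, plus a policy check that lists accounts whose only second factor is SMS, since those are the accounts a successful swap fully unlocks. The log format, event names, user names and IP addresses are all constructed for the example.

```python
"""SIM-swap account-takeover signals: detection over identity-provider events.

Added example; the log format, action names and sample data are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List

# The trigger is an MFA phone-number change; the follow-on actions are the
# sensitive operations an attacker performs once SMS codes reach their SIM.
TRIGGER_ACTION = "mfa_phone_changed"
FOLLOW_ON_ACTIONS = {"password_reset", "login_sms_otp", "mfa_reset"}

# Constructed sample log: "<timestamp> key=value ..." (TEST-NET addresses).
SAMPLE_LOG = """
2025-05-01T09:00:12Z user=alice action=mfa_phone_changed src=203.0.113.10
2025-05-01T09:14:40Z user=alice action=password_reset src=203.0.113.10
2025-05-01T09:16:05Z user=alice action=login_sms_otp src=203.0.113.10 device=new
2025-05-01T10:30:00Z user=bob action=mfa_phone_changed src=198.51.100.7
2025-05-02T08:00:00Z user=bob action=login_sms_otp src=198.51.100.7 device=known
2025-05-01T11:00:00Z user=carol action=login_totp src=192.0.2.5 device=known
"""

# Constructed MFA factor inventory per account (not real accounts).
SAMPLE_MFA_FACTORS: Dict[str, List[str]] = {
    "alice": ["sms"],
    "bob": ["sms", "totp"],
    "carol": ["fido2"],
    "dave": ["sms"],
}


@dataclass
class Event:
    ts: datetime
    user: str
    action: str
    attrs: Dict[str, str] = field(default_factory=dict)


def parse_log(text: str) -> List[Event]:
    """Parse the constructed key=value log format into time-ordered events."""
    events: List[Event] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_str, *tokens = line.split()
        attrs = dict(tok.split("=", 1) for tok in tokens if "=" in tok)
        events.append(Event(
            ts=datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"),
            user=attrs.pop("user"),
            action=attrs.pop("action"),
            attrs=attrs,
        ))
    return sorted(events, key=lambda e: e.ts)


def find_sim_swap_sequences(events: List[Event],
                            window: timedelta = timedelta(minutes=60)) -> List[dict]:
    """One alert per phone-number change that is followed, within `window`,
    by a password reset, MFA reset or SMS-OTP login for the same user.
    A change with no follow-on inside the window (a user genuinely updating
    their number) produces nothing."""
    by_user: Dict[str, List[Event]] = {}
    for e in events:
        by_user.setdefault(e.user, []).append(e)

    alerts = []
    for user, evs in by_user.items():
        for i, e in enumerate(evs):
            if e.action != TRIGGER_ACTION:
                continue
            follow = [f for f in evs[i + 1:]
                      if f.action in FOLLOW_ON_ACTIONS and f.ts - e.ts <= window]
            if follow:
                alerts.append({
                    "user": user,
                    "phone_changed_at": e.ts.isoformat(),
                    "follow_on": [f.action for f in follow],
                    "src_ips": sorted({e.attrs.get("src", "?")}
                                      | {f.attrs.get("src", "?") for f in follow}),
                })
    return alerts


def sms_only_mfa_accounts(mfa_factors: Dict[str, List[str]]) -> List[str]:
    """Policy check: accounts whose only second factor is SMS should be moved
    to an authenticator app or FIDO2 key before a swap can bypass MFA."""
    return sorted(u for u, factors in mfa_factors.items()
                  if factors and set(factors) == {"sms"})


if __name__ == "__main__":
    for alert in find_sim_swap_sequences(parse_log(SAMPLE_LOG)):
        print("ALERT", alert)
    print("SMS-only MFA accounts:", sms_only_mfa_accounts(SAMPLE_MFA_FACTORS))
```

On the sample data only `alice` is flagged: her number changes and both a password reset and an SMS-OTP login follow within sixteen minutes. `bob` changes his number and does not log in until the next day, so the window suppresses the alert. The 60-minute window is an assumption to tune against real data; the more valuable control is the second function, which shrinks the population of accounts for which a SIM swap is sufficient to take over the account at all.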

Malware and Misconfiguration Vulnerabilities

Malware Threats: Among the threats Expel observed in Q1 2024, commercial malware (including malware families associated with pre-ransomware operations) accounted for 16% of observed incidents. Many of these attacks were delivered via exposed or misconfigured network devices, such as firewalls and Virtual Private Networks (VPNs) (Expel).

Exploiting Compromised Devices: Compromised devices are likely to be used as widespread entry points, not only in targeted attacks but also through extensive scanning and opportunistic exploitation of common configuration errors or vulnerabilities.
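The "common configuration errors" that opportunistic scanning finds are usually mundane: a device's own administration interface, SSH, RDP or SNMP reachable from any Internet address. The following Python is an added example (not from the article or any firewall vendor) of a rule-set audit a defender can run over an exported policy: it flags allow rules that expose such services to a broad source range and produces the corrected rule, restricted to a management network. The flat rule format, the management CIDR and the sample rules are constructed for the example; real exports differ per vendor.

```python
"""Audit a firewall rule list for admin/remote-access services exposed to the Internet.

Added example; the rule format, management CIDR and sample rules are constructed.
"""
import ipaddress
from typing import Dict, List

# Services whose exposure to arbitrary Internet sources is a misconfiguration
# in practically every retail network: device administration and remote access.
ADMIN_PORTS = {22: "ssh", 23: "telnet", 161: "snmp", 3389: "rdp",
               8443: "device-admin-https"}

# Network permitted to reach admin interfaces (constructed value).
MGMT_CIDR = ipaddress.ip_network("10.50.0.0/24")

# Constructed sample policy in a simplified flat format.
SAMPLE_RULES: List[Dict[str, str]] = [
    {"name": "allow-web",              "src": "0.0.0.0/0",    "dport": "443",  "action": "allow"},
    {"name": "fw-admin-from-anywhere", "src": "0.0.0.0/0",    "dport": "8443", "action": "allow"},
    {"name": "ssh-from-office",        "src": "10.50.0.0/24", "dport": "22",   "action": "allow"},
    {"name": "rdp-broad",              "src": "0.0.0.0/0",    "dport": "3389", "action": "allow"},
    {"name": "telnet-block",           "src": "0.0.0.0/0",    "dport": "23",   "action": "deny"},
]


def is_broad_source(cidr: str, max_prefix: int = 8) -> bool:
    """Treat 0.0.0.0/0 and any prefix of /8 or shorter as 'anyone on the Internet'.
    The /8 threshold is an assumption; tighten it to match your own policy."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen <= max_prefix


def find_exposed_admin_rules(rules: List[Dict[str, str]]) -> List[dict]:
    """Return a finding for every allow rule that lets a broad source reach an
    admin/remote-access port, together with the hardened replacement rule."""
    findings = []
    for r in rules:
        port = int(r["dport"])
        if r["action"] != "allow" or port not in ADMIN_PORTS:
            continue
        if is_broad_source(r["src"]):
            findings.append({
                "rule": r["name"],
                "service": ADMIN_PORTS[port],
                "port": port,
                # Same rule, source narrowed to the management network.
                "fix": {**r, "src": str(MGMT_CIDR)},
            })
    return findings


def harden(rules: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Copy of the rule set with every exposed admin rule replaced by its fix."""
    fixes = {f["rule"]: f["fix"] for f in find_exposed_admin_rules(rules)}
    return [fixes.get(r["name"], r) for r in rules]


if __name__ == "__main__":
    for f in find_exposed_admin_rules(SAMPLE_RULES):
        print(f"{f['rule']}: {f['service']}/{f['port']} open to the Internet; "
              f"restrict src to {f['fix']['src']}")
    assert find_exposed_admin_rules(harden(SAMPLE_RULES)) == []
```

On the sample policy the audit flags the device-admin rule on 8443 and the RDP rule, leaves the public web rule on 443 alone (a web front end is expected to be reachable), ignores the office-only SSH rule and the telnet deny, and the hardened copy audits clean. Running such a check on every policy change, rather than once a year, is what turns "regularly updating systems" into something measurable.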

Social Engineering Techniques and Advanced Attacks

Evolution of Social Engineering: In another context, social engineering techniques continue to evolve. Attackers use methods such as Adversary-in-the-Middle (AiTM) attacks and credential harvesters to trick users, often via fake pop-ups requesting an update or manipulating CAPTCHA and QR codes to infect devices (Expel).

Endpoint Vulnerabilities: These increasingly common tactics reveal how easily endpoint vulnerabilities can be turned against organizations. Even seemingly simple user interactions, or fleeting errors in device usage, can lead to the execution of malicious code, transforming protective systems like VPNs and firewalls into critical vulnerabilities.

Enhancing Security Hygiene and Managed Detection and Response Services

Importance of Security Hygiene: Robust security hygiene is vital for protecting sensitive systems, as it only takes one oversight to create critical access points for threat actors.

Reducing Exposure to Threats: Regularly updating systems and emphasizing security hygiene among employees can reduce exposure to cyber threats. For example, organizations should enforce the use of a reputable password manager for all employees, including contractors and freelancers. Implementing security best practices helps ensure that the organization is not an easy target for attackers, and may even encourage them to move on to other targets.

Managed Detection and Response (MDR): Companies can also consider using Managed Detection and Response (MDR) services to ensure that threats can be identified, prioritized, and resolved efficiently, while any suspicious activity can be monitored, reported, and dealt with. It is no longer a matter of if attackers will get in, but when, and the ability to quickly identify and neutralize threats is crucial to minimizing business disruption.

Cyber Incident Simulation and Proactive Preparedness

Practicing Incident Response: To stay ahead of threats, it is essential for security and IT management teams to dedicate time to conducting tabletop exercises for realistic cybersecurity incidents, gathering key stakeholders across the business – such as CFOs, communications managers, and executives – to practice incident response in a collaborative manner.

Testing the Response Plan: A tabletop exercise focuses on decision-making and processes, testing the organization's response plan by identifying gaps, strengthening team roles, and improving communication. These exercises help the organization build and develop its incident response capability, which in turn helps to manage the intense stress of an actual cyber incident.

Pivotal Response Plans: Given the increasing threat of credential-based attacks, having concrete and pressure-tested incident response plans is pivotal. This means having visibility into affected systems and the ability to contain and mitigate successful attacks.

Devastating Business Impacts: These recent incidents serve as a reminder of the potentially devastating and long-term business impacts resulting from successful attacks. For example, M&S estimated its profit losses from this security incident would reach approximately £300 million once its services are fully restored. In contrast, Co-op reacted quickly, shutting down its technology systems when its security team detected attackers in their system. As a result, reports indicate that Co-op is recovering faster than M&S, proving that a proactive, coordinated, and pre-defined security plan can save companies millions of pounds.

Operational Strategic Security: These latest examples from UK retailers underscore the urgent need for organizations to prepare for abnormal access behaviors and credential misuse. Data shows that attackers are targeting identity tools, exploiting misconfigured systems, and using automation to scale their attacks. In a new era of cyber threats, reactive security is no longer viable. Businesses must ensure their networks are constantly protected, maintained, and updated so that cyber attacks are contained before they escalate. It is time for businesses to treat network security as a strategic and operational priority, not merely a compliance exercise.