RetailDetail EU
Written by Stefan Van Rompaey

Why retail is increasingly targeted by cybercriminals

General, 22 February, 2023

Cyber attacks on major retailers like MediaMarkt, Casa International and Metro made headlines last year, and that is no coincidence: in 2022, retail was the fifth most targeted industry by cybercriminals.

Attractive to hackers

In late 2021, electronics chain MediaMarkt was the victim of an international cyber hostage crisis, which among other things forced the disconnection of cash register systems in shops. Hackers demanded a ransom of more than forty million euros. Last summer, Casa International’s IT systems were encrypted and certain personal data were leaked. A large-scale cyber-attack on Metro last autumn caused IT problems that dragged on for weeks, causing the cash register systems and electronic price labels to fail. This also severely hampered the clearance sale at bankrupt Belgian subsidiary Makro.

These are just three examples that illustrate the extent to which retailers are also targeted by hacker gangs. However, the problem is much bigger: many incidents do not make it into the media. According to IBM figures, retail was the fifth most targeted industry by cybercriminals in 2022, accounting for 8.7 % of all attacks in the top ten industries. This is a significant increase from the 7.3 % in 2021, IBM’s latest X-Force Threat Intelligence Index reports. With an annual 2.72 trillion euros in online retail transactions – up 20 % from the previous year – retail is now an attractive sector for cybercriminals, given the large amounts of sensitive data.

Opening back doors

The most common type of attack on retailers was spear-phishing emails with a malicious link (33 %). The main consequences of these attacks were extortion (50 %), stealing data (25 %) and financial loss (25 %). Hackers not only fish for customer data to extort retailers, but also more frequently aim to disrupt services, leaving retailers unable to trade, X-Force’s European head Eben Louw explains.

In 2021, IBM saw more frequent use of ransomware. Last year, that changed: “After the outbreak of war in Ukraine, we saw an increase in attacks from the end of April. The aim of those attacks was mainly to open back doors, and then very slowly and covertly penetrate systems to steal data.”

In retail, the application servers and online operations are often vulnerable. Once cybercriminals manage to penetrate the systems, they have free rein, given the trust relationships between the application server and the back-end databases. “Often they do not even need to crack accounts. For example, there are no firewalls between applications. Also, accounts are often given too many administrative rights. Developers often take shortcuts because they are under time pressure.”

No guarantees

When retailers get back up and running quickly after a reported cyberattack, you may wonder what happened behind the scenes: did they pay a ransom? The problem is that you can never trust cybercriminals: “They do say: pay us and we will destroy all the data we stole from you. We never get involved in those negotiations, but we understand from our research that you never get real guarantees.”

And it is not just about the stolen data, it is also about the credentials: hackers can get in through a leak in the system, but also through stolen usernames and passwords. Under time pressure to get systems operational again very quickly, that back door is often left open and hackers can strike again if they want to. “You can never again put your trust in a system in which hackers have been at work. You have to reinstall it and restore your backups. Companies often refuse to do that because they do not have the hardware, the storage capacity, the people or the time. Sometimes they do not even have the passwords to old network systems anymore, because they were configured by suppliers they no longer work with.”

Vulnerable POS systems

Is it even possible to secure your systems perfectly? “You can never be 100 % secure. We recommend securing your systems to the extent that it becomes so difficult for criminals that they would rather try somewhere else. They are opportunists with a revenue model: they might attempt to penetrate your system for one or two days, but if that fails, they will shift their attempt to the next company.”

Map your external attack surface, Louw advises: what can cybercriminals see from the outside and how can they attack you? “You need to understand that and improve it. Then you start looking internally at the vulnerabilities in your systems. Cash registers, for example, often still run on old legacy operational systems. If hackers can take those down, the retailer comes to a standstill. You also need to frequently audit all your local user accounts and domain accounts.” Paradoxically, the antivirus system is often the ideal backdoor, as it provides smooth access to all systems without any barrier. The same applies to backup servers.

User awareness is also critical, Louw points out. “That has increased, as we see that phishing emails have become less prominent.” However, management must also realise how big the commercial and financial impact of an incident can be. This does not always turn out to be the case. “A Portuguese retailer hit by a cyber-attack set aside a budget to improve security. But a few weeks after the incident, when the team wanted to start implementing the agreed measures, the budget appeared to have disappeared…”
