Retailers a prime target for cybercriminals in 2012

Nearly half of the attacks investigated by the company were aimed at retailers, says Trustwave

Retailers now a prime target for cyber criminals, says Trustwave by John P. Mello Jr. Retailers have become prime targets for cyber criminals, according to a report released Tuesday by Trustwave.

For the first time in three years, retailers accounted for the highest percentage of investigations done by the company, which provides security compliance management services.

Nearly half (45%) of the attacks investigated by Chicago-based Trustwave were aimed at retailers, according to the company's 2013 Global Security Report -- substantially more than other top targets: the food and beverage (24%) and hospitality (9%) industries.

Cyber criminals are realizing just how fat a target retail represents, said Chris Pogue, Trustwave's director of incident response and forensics. "There are eight to nine million retail merchants in the United States. That's a whole lot of potential targets."

[See also: APT in action: The Heartland breach ]

Pogue noted that pinning a number on the losses retailers suffer annually from cyber crime is difficult. "If I had to guess, it's in the billions," he said.

The motivation for targeting retailers is one that spans decades, according to Jeff Williams, director of security strategy at Dell Secureworks. "They go where the money is and they go there often," he said.

Pogue argued that retailers are more vulnerable because their core competency not cybersecurity. As a result, basic security steps aren't taken, giving attackers an avenue into their systems. Those vulnerabilities include remote system administration that's enabled at all times; weak passwords; and default accounts with administrative privileges.

According to the report, the most common password is still Password1 and an analysis by Trustwave of three million user passwords, revealed that half of all users chose passwords that met the bare minimums for their organizations.

Network marauders have an advantage over network defenders, Williams said. "There are weak links in any chain that can be exploited. An attacker only needs to find one of those links to get a foothold in a network.

"That makes the game easier for the attackers than the defenders, particularly if the defenders don't consider themselves a target."

Compounding matters, retailers don't always consider themselves to be targets, Trustwave reported. "There is a misconception that these organizations are not a target," the report said. "In practically all of the 2012 investigations, this statement was made in just about every case: 'Why me?'

"The answer can only be 'Because you have something worth taking that is not protected.'"

Not all retailers are lax on security, Pogue said. Cloud retailers like Amazon and Google Pay are much more proactive. "They go through exhaustive lengths to protect their hundreds and hundreds of millions of potential customers," he said.

"We haven't seen any breaches up to this point where a cloud-based service was attacked," Pogue said. "I think those are high-value targets, so they're probably being worked on now by someone."

"I fully anticipate we'll see [a breach] at some point," he said, "and when we do, it's going to be front and center in the news because it's going to affect so many people."

In addition to its findings about attacks on retailers, Trustwave found:

  • Web applications have become the most popular attack vector, with e-commerce sites being the top targeted asset.
  • Mobile malware exploded in 2012, with the number of samples in Trustwave's collection growing by 400%.
  • Almost two-thirds (63%) of cyber incident investigations are being farmed out by organizations to third parties.
  • The average time for a business to detect a data breach is 210 days, 35 days longer than it was in 2011.

Copyright © 2013 IDG Communications, Inc.

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!