Unless you’ve been living under a rock recently you’ll already be aware that there have been a large number of data breaches recently and that some of the higher profile among them have been aimed at retailers, including Target and Home Depot.
Now, according to a new report from Imperva Inc, retail is the number one target for the bad guys as the company urges extra vigilance among companies in that sector.
The findings, which indicate that 48% of all web application attack campaigns target retail applications, come from the recent Imperva Web Application Attack Report #5 (WAAR) which is produced by the company’s Application Defense Center (ADC) research team. The ADC analysed a subset of 99 applications protected by the Imperva SecureSphere Web Application Firewall (WAF) over a period of nine months, from August 1, 2013 to April 30, 2014. The study found that retailers are the most heavily targeted by cybercriminals, and that 40% of all SQL injection attacks and 64% of all malicious HTTP traffic campaigns target retail web sites.
Commenting on the findings from the study, Amichai Shulman, Chief Technology Officer at Imperva, said:
“Our study shows that retail sites are a big target for hackers. This is largely due to the data that retail websites store – customer names, addresses, credit card details, which cybercriminals can use and sell in the cybercrime underworld. Over the last year we have seen a number of retailers suffer data breaches and I expect this will continue. Our previous Web Application Attack Report #4, published in July 2013, also revealed that retail applications were the most heavily targeted by cybercriminals. The study showed that retail sites suffered twice as many SQL injection attacks in comparison to other industry sectors. Given that the study findings have not improved for retailers over the last year I would say this threat is not showing any signs of diminishing.”
Other findings from the study revealed that websites containing consumer information, which require some form of log-in credentials, suffer up to 59% of the attacks. This shows very clearly exactly what kind of information most motivates cybercriminals. Consumer information such as personal details and credit cards are a valuable and tradable black market piece of information.
Shulman added that:
“Retailers must take the threat of cyber attack very seriously. Over the last year we have seen some very well known, and seemingly secure, retail websites hit by devastating cyber attacks and these should act as a warning to others in the industry. Cybercriminals look at retailers as a very profitable target and they are attacking these websites relentlessly looking for a way in. Information that a hacker is able to extract from the site will very likely make its way onto sites that sell breached data. It is a big business. Retailers should be locking down their data centres and databases, ensuring all data is encrypted and that there are strong barriers in place to help keep out intruders.”