Retailers have been warned to prepare for a wave of cyberattacks as they reopen to the public, with hackers looking to take advantage of on-premises systems that have remained unpatched during COVID-19 lockdowns.
While many businesses have been able to continue trading online during the pandemic, the vast majority of bricks-and-mortar stores were forced to close early on in line with government restrictions to contain the spread of the virus. During this time, point-of-sale (POS) and point-of-interaction (POI) technology, such as payment terminals and connected PCs, as well as other systems used to complete transactions with customers, have remained dormant.
In its latest report, Shopping Spree: Cybercriminals Target Retail as Stores Reopen to the Public, cybersecurity intelligence platform IntSights warns that these vulnerabilities could be exploited by cybercriminals as the retail market undergoes a post-lockdown reawakening.
This will require dusting off existing idle systems and revisiting maintenance plans to make sure POS and POI are patched and fitted with up-to-date security controls. Charity Wright, cyber threat intelligence analyst at IntSights, told TechRepublic that employers likely wouldn’t have security at the forefront of their minds as they rushed to get shops open and employees back to work.
“Most of the big retailers have been in business in some way,” Wright said. “A lot of them have been maintaining their online payment processors, but not necessarily their physical terminals in the stores.
“A lot of retailers, when they come back online, they’re going to be focused on business processes and getting employees back to work. They’re not necessarily thinking, ‘maybe I need to update Windows on my computer terminal’, or update POS terminal firmware.”
In retail, where surges in online transactions during the pandemic have forced retailers to quickly transform their ecommerce capabilities, hackers have shifted their focus to make the most of this opportunity.
This includes changing up well-known types of attacks by using them in different ways, such as exploiting stolen credit cards within a different type of merchant platform, and targeting parts of retailers’ systems that might otherwise slip through the cracks.
We’ve already seen new forms of attacks on retailers take place during the pandemic. In late June, researchers at security software firm Malwarebytes identified a new web-skimming attack, whereby cybercriminals concealed malware on ecommerce sites that would steal information typed into the payment input fields, including customers’ names, addresses and card details.
As physical stores begin to reopen, businesses face fresh threats from hackers looking to exploit unpatched software. “As soon as they turn on those POS systems and PCs that they’re using to manage their business, they need to focus on security patching and updates, first and foremost,” Wright said.
“If they don’t know how to do that themselves – say, if they’re a small business – they need to contact the manufacturer or whoever manages that software. Go to the websites of the software developers and the websites of the manufacturers and see what kind of updates and security protocols they advise.”
Smaller merchants are particularly vulnerable, said Wright. “Small businesses are one of the most vulnerable in the retail industry because they tend to use payment systems like PayPal or Square, something with a credit-card scanner,” she explained.
“There may be sensitive passwords and credentials on their actual computers for those types of accounts, to login to their PayPal account.”
It’s not just payment information at risk, either: “Most retailers are using a PC with some kind of sales software on it, and oftentimes HR software as well,” Wright added.