Retailers are urged to be extra vigilant to cyber attacks following the results of a study from Imperva, Inc., which has found that 48% of all web application attack campaigns target retail applications, making the industry the most heavily targeted by cybercriminals.
The findings come from the recent Imperva Web Application Attack Report #5 (WAAR) which is produced by the company’s Application Defense Center (ADC) research team. The ADC analysed a subset of 99 applications protected by the Imperva SecureSphere Web Application Firewall (WAF) over a period of nine months, from August 1, 2013 to April 30, 2014. The study found that retailers are the most heavily targeted by cybercriminals, and that 40% of all SQL injection attacks and 64% of all malicious HTTP traffic campaigns target retail web sites.
Commenting on the findings from the study, Amichai Shulman, Chief Technology Officer at Imperva, said: “Our study shows that retail sites are a big target for hackers. This is largely due to the data that retail websites store – customer names, addresses, credit card details, which cybercriminals can use and sell in the cybercrime underworld. Over the last year we have seen a number of retailers suffer data breaches and I expect this will continue. Our previous Web Application Attack Report #4, published in July 2013, also revealed that retail applications were the most heavily targeted by cybercriminals. The study showed that retail sites suffered twice as many SQL injection attacks in comparison to other industry sectors. Given that the study findings have not improved for retailers over the last year I would say this threat is not showing any signs of diminishing.”
Other findings from the study revealed that websites containing consumer information, which require some form of log-in credentials, suffer up to 59% of the attacks. This shows very clearly exactly what kind of information most motivates cybercriminals. Consumer information such as personal details and credit cards are a valuable and tradable black market piece of information.
“Retailers must take the threat of cyber attack very seriously. Over the last year we have seen some very well known, and seemingly secure, retail websites hit by devastating cyber attacks and these should act as a warning to others in the industry. Cybercriminals look at retailers as a very profitable target and they are attacking these websites relentlessly looking for a way in. Information that a hacker is able to extract from the site will very likely make its way onto sites that sell breached data. It is a big business. Retailers should be locking down their data centres and databases, ensuring all data is encrypted and that there are strong barriers in place to help keep out intruders,” continued Shulman.