Request your free Security Rating Snapshot to find the gaps in your security program and how you compare to others in your industry.
Retail operations, whether in-store or online, rely on a long chain of connections between third parties. When attackers target one of these third parties, they can wreak havoc on the supply chain, affecting business operations up and down the line.
These supply chain attacks are not theoretical — they’ve already caused major damage. Let’s take a look at some surprising ways supply chain attacks have impacted retailers, and review some strategies for improving retail supply chain cybersecurity.
The Supply Chain can be used to Access Retailers' Protected Systems.
Thanks to increased investment in cybersecurity, it’s become more and more difficult for attackers to break into retailers’ networks directly. Instead, they might target vendors in the supply chain and look for a back door.
In both the Target and Home Depot data breaches — two of the largest of all time — attackers began by targeting third parties. Using phishing emails or other methods, they stole the login credentials that gave these companies access to the retailer’s vendor portal. Once inside the system, the attackers were able to get elevated access and move laterally within the retailer’s network, where they installed malware that scraped POS systems for payment card information.
The 2018 Ticketmaster data breach saw a shockingly similar scenario play out in the e-commerce space. The threat actors initially targeted an AI-driven search/chatbot company whose software was used on e-commerce sites. They injected a piece of malicious code, which was then implemented into the Ticketmaster website. From there, the attackers were able to install card-skimming malware that bypassed PCI DSS controls and transmitted unencrypted data back to the attacker’s own servers.
Attacks that Affect Manufacturing and Logistics Disrupt Operations.
In June 2017, a virus called NotPetya (a.k.a. GoldenEye) started shutting down computer systems all over the globe.
The virus mimicked an earlier version of Petya, which would lock down a system’s important files and then demand a bitcoin ransom in exchange for a decryption key. Unlike this earlier version, however, the June 2017 virus destroyed the target data instead of just encrypting it.
The Petya attack affected countless businesses, including A.P. Moller–Maersk, the largest container shipping company in the world. Maersk was forced to revert to manual operations following the attack, resulting in a 20% drop in shipping volume and about $250-$300 million USD in losses. The company’s infrastructure had to be almost completely reinstalled, a monumental effort which took about 10 days.
The Petya cyberattack also halted operations at other logistics companies, including last-mile shippers like FedEx and TNT Express.
On the other side of the supply chain, the same cyberattack was taking down manufacturing facilities. For example, the Cadbury Chocolate factory was forced to shut down production and order fulfillment, resulting in about $140 million USD in losses.
These types of disruptions inevitably affect retailers, whose inventory is sometimes left stranded either pre- or post-sale by offline systems.
Attacks on Web Services Companies cause e-commerce Outages.
In October 2016, a series of DDoS attacks launched from the Mirai botnet were aimed at Dyn, a major DNS provider. You might remember these attacks, as they managed to take a large swath of the U.S. internet offline for hours.
Affected sites included e-commerce giants Amazon, Etsy, and Overstock.com, resulting in downtime and an unknown amount of lost revenue. This is just one example in a long series of internet services outages that have managed to disrupt online retailers.
What can Retailers do to Improve Supply Chain Cybersecurity?
There are several strategies retail security professionals can use to decrease the risk of supply chain attacks:
- Use a continuous monitoring solution like security ratings to assess the security performance of third parties, then take steps to remediate any issues revealed.
- Use code scanning tools to check for security risks on any third-party code being used in your systems.
- Create a complete map of your organization’s IT vendors and service providers to identify single points of failure and create backup strategies, reducing potential downtime.
- When possible, make sure third-party accounts on internal systems have limited access to those networks containing sensitive data.