IoT Botnets And Infostealers Key Malware Families Targeting Retail Sector: Netskope Report
The report was based on anonymous usage data of a retail sector subset of Netskope customers.

Netskope Threat Labs has published a report focused on cloud threats in the retail sector. The report found that IoT botnets, remote access tools and infostealers were the key malware families used by attackers targeting retail in the past year.
Retail has also undergone a shift over the past year from predominantly Google Cloud-based applications to Microsoft apps like Outlook, the report indicated.
Here are some key findings:
Use Of Infostealers To Target Retail
Infostealers were a prominent malware family for the retail sector as attackers attempted to steal valuable data such as payment details from organisations and customers.
Infostealers also feed into the wider cybercrime ecosystem, with attackers selling harvested credentials and personal financial details.
Botnets And Trojans Targeting Network Devices
The Mirai botnet family has increasingly been seen targeting exposed networking devices running Linux, such as routers, cameras and other IoT devices in retail. Since the leak of the Mirai source code, the number of variants of this malware has increased considerably.
Remote access trojans were also popular as they allow access to browsers and remote cameras, sending information to attackers or receiving commands.
Microsoft Suite Targeted
Microsoft OneDrive was the most popular cloud application for malware delivery across all sectors, including retail. Attackers capitalised on users’ trust in and familiarity with OneDrive, which increases the likelihood that they will click on the links and download the malware.
In retail, attacks via Outlook were more successful than in other sectors. The retail sector saw twice as many malware downloads via Outlook (10%) as the average across other industries (5%).
WhatsApp’s Popularity In Retail
WhatsApp was three times more popular in retail (14%) than in other industries (5.8%) for average usage and downloads. However, the app was not listed among the current top apps for malware downloads.
This may change as threat actors start to see its popularity as justifying the economic case for directing more attacks via the app.
Paolo Passeri, cyber intelligence principal at Netskope, said, “It’s surprising that the retail sector still finds itself specifically targeted with botnets like Mirai. The fact that attackers continue to use it to target IoT devices shows that too many organisations continue to dangerously overlook the security posture of their internet-connected devices.”
“This poses a significant risk not only for the targets of the attacks launched from the IoT botnet but also for the organisation whose IoT devices are enslaved into the botnet, since their exploitation can easily lead to outages that impact the functioning of the business,” Passeri added.
The report made recommendations for best practices to counter these threats:
Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating the network.
Ensure that high-risk file types like executables and archives are thoroughly inspected using static and dynamic analysis.
Configure policies to block downloads and uploads from apps and instances that are not used in the organisation to reduce the risk surface.
Use an intrusion prevention system that can identify and block malicious traffic patterns.
Use remote browser isolation technology to provide additional protection when visiting websites that fall into categories that can present higher risk.