Exploring Retail’s Cyber Threat Landscape - Alexandra Forsyth

yes hello my name is Alexandra and I'll be talking to you about the retail in e-commerce threat landscape today I hope you've all had a good day so far as well so for the agenda I will introduce myself I will then go into some of the key trends that we've identified for this year I will talk about what is the role of e-commerce today and then I will go into a value chain and I then talk about some use cases that I've identified such as skimming and dark web analysis I will talk about some of the cyber security considerations and then I will finish with those actions and closing remarks so as I said before my name is

Alexandra forite and I'm a threat intelligence analyst with accenta and I work within their exenta cyber intelligence team I've been with them for around a year now and I've been within the industry for threat intelligence for around two and a half years so I do strategic research which means means I look at open source data and I collect the findings and I deliver that to clients and we also look at our internal databases of close Source data and feed that into the reports as well and then prior to that I mentioned to Dan who just presented it's really nice to see that more people it didn't necessarily come from a technological background I didn't I studied

criminology at University it happens you can make a way in so I just want to make that clear so if we look on the screen we can see the retail and e-commerce cyber threat landscape for this year and some of the trends I wanted to pick out some news clippings this is what we're seeing in open source and some of the trends are ransomware so double extortion triple extortion this year more focus on data extortion instead of encryption um I hope that you might be familiar with that if not I can explain it a little bit later on and also dos activity for retail and e-commerce we see dos l a lot over the Cyber Monday and Black Friday

and I have some use cases which I'll talk about a little bit later on and then we have the Grinch bot which is botnet activity and they specifically Target retail and e-commerce in order to bulk purchase inventory to prevent the retailer from sales and also we have card skimming and I have a use case again later on which I'll talk about um it's particularly to do with magecart malware which is a type of malware that specifically targets the checkout process on a retailer or e-commerce's site again the retailer tends to lose out but so does the consumer as well so what is the role of e-commerce today this is kind of a wheel scenario so if we look in the center we have

three key data points this is what retailers want we want to be able to offer the customer experience we want them to feel like they have a journey when they shop online we want to offer goods and services through digital channels and we want to retain those customers it's all about loyalty and it's all about trust so 19% retail sales worldwide in 2022 and we know that that is skyrocketed already in 2023 as we move round the wheel we can see that there's social commerce we also have mobile Commerce which is increasing this year particularly and we know that it will increase in 2024 and what I mean by mobile Commerce is that you can buy

goods and services through your mobile or your smartphone and then but when we go around the re the wheel a little bit more we can see card skimming has increased by around 77% this year and some of the top Avenues so if we think about Reta e-commerce Omni Channel not a term we particularly like to use for the industry but Omni Channel means there's social media there's websites there's a loyalty app there's a mobile app there's so many different avenues that you can pick to buy your goods and services but also from a cyber security perspective it's a way in there's more vulnerability so you have to think about that and the value chain so as I mentioned I

work within the Accentra cyber intelligence team and a value chain is something quite bespoke to us it's such a good way and it's one of the best parts of my job really is I get to look at an industry and do something like a road map it's a high level overview so if you look at the retail e-commerce this is the key asset so to speak so you have the brand marketing and we would put that in Orange so it would be a medium whereas if we journey through to point of sale and customer support we put it at a high or a very high Threat Level because we know that there's spoofing there's fishing point of sale

there's card skimming there is brand impersonation and brand infringement at Brand marketing level but more than less we would put it as a medium but again on this slide it's a really good way of having your threat actors there what are they motivated by so you've got your cyber criminals which could be your ransomware groups but then you've got your Insider threats which could be aiding the criminal organization or they could just be because they have access to the goods and services stealing them and then selling them online for a cheaper value so it's just a good way of looking at it and thinking these the threat actors this is what they're motivated by that financial gain

disruption and then you have your Global key threats so are they buying pre- compromised credentials on the dark web and then using that online are they deploying ransomware or dos for maximum disruption thinking about those types of things as well as web skimming but I'll come on to that next so one of the use cases I wanted to point out today was card skimming something really prevalent that we see for retail and e-commerce it's not just at a digital level but it's also at a physical level so say you want to go into a retail store and withdraw cash be mindful that when you're entering your card details or your credit card into the machine someone could have placed

something on top of the Chip and pin or when you insert your card to retrieve your information and then it turns into a digital threat so when they've got your information they can go online and use your stolen credit card details to book purchase inventory to create multiple accounts online it's all about thinking you know physical and digital they're combined so when we think also think about the digital element ACI data base we monitor the dark web for discussions about say Mage cart malware which as I mentioned targets the checkout process through the retail e-commerce sites there's around 13 different groups right now that we've identified as a whole and like I said we monitor the dark web for those

discussions are there any custom tools being made um and we go from there and we're able to report that back to the clients because again all of the information that we have we want to put that [Music]

forward sorry I just got a little bit ahead of myself and so the NEX case I wanted to point out was the state of carding report so this is our we have different teams within exential cyber intelligence so I'm part of Consulting we have dark web and then we also have research this is a report that's come from the dark web team so they've spoken to us and they've identified three of the most prominent carding marketplaces on the dark web so you have verified omata and crd Club these are the types of goods and services that they're offering and this is as I say very recent so these are the types of goods and services that

are currently being offered we have SM SMS spam so links to fishing could link to spreading malware we have the onetime password B which is really interesting because if you buy bots on the dark web you could launch quite targeted attacks against loyalty programs and obviously that's really prevalent for us as Shoppers and then you have the reshipping schemes and you have buying and selling credit cards in general so I've spoken a lot about cyber security considerations there's a lot of text on the screen I won't read it all but as I said I've spoken a lot about cyber security in general but Ai and fraud I put a little bit of a tibit in

here here I do know that with AI and fraud it could be its own presentation I can't talk about everything now but what I can say is we know with AI it's proliferated this year completely skyrocketed across all Industries not just retail and e-commerce but it is being used to monitor suspicious activity automate those processes for retailers but off the back of that from a cyber security perspective it could be used to enhance fishing potentially could be used to create custom malware but it would take a level of sophistication in order to do that so in 2024 could we see that happen maybe but right now it does take a level of sophistication to do it um and then also

deep fakes synthetic identities as well and dos as I mentioned at the beginning is increasing and we had a use case over Black Friday where a retailer was targeted constantly over Black Friday and they lost around 60 million in sales so it's it's just looking at that you know disruption short-term long-term Financial that will lead them into 2024 and I'm going to have to go quite quickly I know I've got about four minutes left but if you do get a chance please read the entering through the gift shop akam my report it's fantastic talks about web attacks around 14 billion for this year also talks about ransomware so you've got your Cony lock bit black cat groups these the most

prolific for retail um something that we monitor all the time so please do check that out and as I mentioned Mage cart throughout as well if you do get a chance and you want to learn a bit more about how to protect yourselves you can um use open source for that and so this is a topdown approach for Action so this is what we would put forward to the retailers to our clients we would say you can monitor your social media for adverse commentry can do that cyber awareness training and I really think in 2024 this is something that we should be thinking about not just internal training but what can we do for the public for us so could we put a

campaign out there and just do a type scenario thing and then as you go down it gets a little bit more stealthy you would need to think about what types of teams you have so securing your software securing your payments depending on if you're going through a third party thinking about your endpoint detection so your seam and your saw what type of detection do you have in place and your protocols and policies as you go down it's more longterm the top is really shortterm this is what you can do now and then as I round up my closing remarks what do we hope to see for 2024 we will see more sophisticated cyber attacks more ransomware definitely

targeting retail Mage cart malware and just malware in general we'll still see it skimming targeting retail but thankfully I think in 2023 what we have seen is more clients being aware of cyber security they want to know more they don't just want to know okay so this is what my industry looks like what can we do and that's what I said in the previous slide you know those protocols and policies thinking about how you can secure your endpoints those the technical aspects that they want they want to know what can they do forward not just the Strategic part which is me I would need to collaborate with other teams in order to help them further so I want to say thank you very

much it's been an absolute pleasure to give you 15 minutes if you have any questions I'm happy to answer I'm here for a little bit longer if you'd like to come and talk to me and thank you so [Applause] much thank you have we got any questions the rest we have um yeah you mentioned you didn't have a technical or computer background before you uh worked in uh CTI what would be your advice to people wanting to start working in CTI someone who's now working yes I think um I think Dan put up some really good um sources on the screen so Udi open University and cbrar I think it was I used all of those

um so before I came into threat intelligence I just did the same thing as him I just constantly wanted to learn through open source which is where you can find the resources I went through so many interviews it's really hard like I'm not going to stand here and say I got the first job I didn't I think I did about 15 interviews and that's just the first round interviews I'm not talking about the Practical or having to do even further but just remain persistent remain curious and just remain passionate if you really want to do it you can um and you can always find me on LinkedIn if you ever want any advice or you ever need anything further then I'm

I'm happy to help but yeah it's possible any other questions thank you very much thank you so [Applause] much