Darktrace, a global leader in cyber security artificial intelligence, today released a new cyber-threat trend report for the retail sector, revealing 2022 attack data observed across its global customer fleet.
“The retail-specific report is the first of its kind released by Darktrace, representing an important effort to surface the data underpinning the rapidly evolving threat landscape that we are defending against,” commented Toby Lewis, Global Head of Threat Analysis, Darktrace.
Lewis further commented, “The surge in credential-based attacks across the retail sector reflects the fact that identity theft will be a key trend for 2023, increasing the need for AI-based behavioral analytics for understanding employee actions in rich context and authenticating the actions taken using certain credentials.”
Retail Sector: Key Findings
As online shopping remains popular, Darktrace’s retail sector report reveals that over the course of 2022, criminals increasingly turned toward credential theft, spoofing and stuffing to target this multi-billion-dollar industry’s online infrastructure. Notably:
- Credential theft, spoofing and stuffing accounted for over 170% more of all observed cyber incidents in the US retail sector in 2022 compared to 2021
- Credential theft, spoofing and stuffing accounted for over 14% more of all observed cyber incidents in the UK retail sector in 2022 compared to 2021
- Credential theft, spoofing and stuffing accounted for over 70% more of all observed cyber incidents in the Australian retail sector in 2022 compared to 2021
One threat find in the report from August 2022 details the discovery of a never-before-seen attack tool lying dormant inside a well-known UK automotive retailer. Months before Darktrace had been adopted by the retailer, one of its devices had become infected with novel malware that lay dormant, establishing a foothold and waiting for the right time to launch an attack. After deployment, Darktrace AI caught the malware when it made multiple authentication attempts using spoofed credentials for one of the organization’s security managers. If successful, the attack could have undermined the organization’s entire security posture, allowing malicious software to gain control of the company’s infrastructure from within.