Netskope Threat Research Labs said it has discovered and been tracking multiple email phishing campaigns aimed at third-party partners of some larger retail organizations, according to a Netskope blog post.
The blog post contains descriptions and detailed figures of the email content used in the campaigns. The emails are "specifically crafted to lure the warehouse managers and other smaller firms who provide inventory support to larger retail businesses," according to Netskope.
Ravi Balupari, director of engineering and cloud security research at Netskope, told Retail Dive via email that retailers' adoption of cloud applications is creating new security challenges for them. "Most retail organizations have covered the traditional surface areas for the threats but adoption of cloud apps brings a whole new dimension to this attack surface," Balupari said.
Netskope didn't offer any details about specific retailers that might be most threatened by these attacks, but added that the holiday season in general represents a potentially lucrative time for phishing attackers and spammers, with traffic to the sites of retailers and their partners at its height. This season also puts pressure on the retail industry to build up its inventory to meet the seasonal demand.
Attackers will look for any point of weakness in a retailer's enterprise that they can exploit, and even if retailers themselves are extensively protected, the same may not be true of the companies they work with. "They are looking for the weakest links, and in this case it is the partners," Balupari said.
While the adoption of cloud applications has likely improved operational efficiency for retailers, it comes with its own challenges, one of which is a certain vulnerability to security attacks. "[D]elivering a malware/exploit into the retail enterprise via a partner becomes so much more eas[y] and plausible," Balupari said. "If a partner is infected and delivers a self-propagating malware into the retail enterprise's CRM account, the attacker could claim victory for the first step in the attack kill chain."
In this case, a partner's "security hygiene," as Balupari describes it, is a crucial element in the protection of the entire ecosystem. "The retail organizations should approach the problem with the assumption that a number of their interface points with partners and vendors will be un-protected," Balupari said.
The good news is that many retail firms seem to already understand this, and are seeking out cloud-scale protection solutions to detect and remediate cloud threats, and are enforcing policies on usage of unsanctioned services, as well as unsanctioned instances of sanctioned cloud services.
Other recommendations from Netskope include performing malware scans on all uploads from unmanaged devices to sanctioned cloud applications, on all uploads from remote devices to sanctioned cloud applications, on all downloads from unsanctioned cloud applications, and on all downloads from unsanctioned instances of sanctioned cloud applications.
Cyberthreats are already keeping 30% of consumers off the web this holiday season, so retailers should be careful about addressing security threats if and when they do occur, even if they're internal. Not only could news of scams scare shoppers away from a brand, but they could cost the retailer serious money in other ways as well.