Cybersecurity in Shopping Centers: Latest Threats, Trends, and Methods Used by Cybercriminals

Shopping centers and retailers have become a prime target for cybercriminals in recent years, with high-profile data breaches making headlines and exposing the sensitive information of millions of customers.

Shopping centers are vulnerable to a variety of cyber threats and attacks, ranging from point-of-sale skimming to sophisticated ransomware attacks. As the retail industry continues to evolve and adopt new technologies, it is critical for shopping centers to stay informed about the latest threats, trends, and attack methods used by criminals and take proactive  steps to protect their systems and customer data.

 

 

Latest Threats and Trends 

Increased use of cloud services and the Internet of Things (IoT): The rise of cloud services and the Internet of Things (IoT) has revolutionized the way shopping centers and retailers operate. However, these new technologies also cause new security risks. Data security challenges arise when more and more data is stored in the cloud, when the number of data and users increases, the vulnerabilities that cybercriminals look for in order to attack cloud servers and IoT devices to steal sensitive data also increase.  

How to prepare for these vulnerabilities brought by technologies and their users?

It is essential for shopping centers to implement solid security measures to protect their sensitive data by knowing the cloud service provider, understanding the responsibilities and considering what kind of data should be stored in the cloud. The same applies to IoT service providers, in addition to the above, the safety and proper implementation of the devices connected to the operating environment must be taken into account. 

The Rise of E-commerce and Mobile Payment Systems: With the increasing popularity of e-commerce and mobile payment systems, shopping centers and retailers must take extra precautions to protect their payment systems from attack. The rise of e-commerce and mobile payment systems has made it easier for criminals to target shopping centers with cyber attacks. Criminals may use techniques such as point-of-sale (POS) skimming or malware to steal credit card information.  

How to prepare for these vulnerabilities brought by technologies and their users?

Shopping centers must be vigilant and implement robust security measures to prevent these attacks, such as encrypting sensitive information and using secure payment gateways. 

A Growing Number of Third-Party Vendors and Partners: A growing number of third-party vendors and partners is making it more challenging for shopping centers to ensure the security of their systems and data. Shopping centers and retailers often rely on third-party vendors and partners for critical services such as payment processing, marketing, and supply chain management. However, these third parties can also represent a significant security risk, as cybercriminals can target them to gain access to sensitive data.   

How to prepare for these vulnerabilities brought by technologies and their users?                          

Shopping centers must conduct regular risk assessments of their third-party partners, and implement security measures such as secure data transmission protocols and encryption. 

Increased Focus on Supply Chain Security: In recent years, there has been a growing focus on supply chain security, as cybercriminals have increasingly targeted the weak links in the supply chain to steal sensitive data. Supply chain security is becoming increasingly important for shopping centers as they seek to protect their systems and data from potential breaches. Shopping centers must work with their suppliers and vendors to implement best practices for data security, such as regular security audits and risk assessments.  

     How to prepare for these vulnerabilities brought by technologies and their users?

Shopping centers and retailers must be proactive in securing their supply chain, including conducting regular risk assessments and implementing best practices such as supplier due diligence. 

Adoption of New Technologies, such as Facial Recognition and Autonomous Vehicles: Shopping centers and retailers are always looking for new ways to innovate and stay ahead of the competition. Shopping centers are adopting new technologies, such as facial recognition and autonomous vehicles, which are creating new security challenges, as cybercriminals can target these systems to steal sensitive data.  

How to prepare for these vulnerabilities brought by technologies and their users?

Shopping centers must stay informed about these new technologies and implement robust security measures to prevent attacks. 

Threats and trends in summary  

Shopping centers need to stay up to date with the latest threats and trends in order to effectively protect their systems and customer data. This must include integrating cyber security into the mall’s operational strategy, investing in cyber security technologies and services, conducting regular risk assessments and security audits, and implementing best practices such as employee training and incident planning and training.

As shopping centers increasingly rely on digital technologies, they are exposed to new vulnerabilities that can have significant consequences for both customers and the business. These vulnerabilities can range from cybersecurity threats such as data breaches and malware to technical failures that can disrupt daily operations. Shopping centers must be proactive in identifying and mitigating these risks in order to protect sensitive information and maintain the trust of customers. 

 

 

 

Attack Methods Used by Cybercriminals 

Shopping malls have become an increasingly attractive target for cybercriminals, who use a variety of tactics to compromise the security of these organizations. Here are some of the most commonly used cyber attack methods against malls: 

Denial-of-service (DoS) attacks are one of the most common types of cyber-attacks that target shopping centers. The goal of these attacks is to overwhelm the target’s systems, rendering them unavailable to users. This can cause significant disruption to operations, resulting in a loss of revenue and damage to the shopping center’s reputation. 

DoS attacks are usually accomplished by flooding the target’s systems with a large amount of traffic, either by sending a large number of requests to the server or by exploiting a vulnerability in the network infrastructure. The result is a system overload, causing the target’s systems to become unavailable. 

Shopping centers are particularly vulnerable to DoS attacks, as they rely heavily on technology for their operations. From online shopping platforms to point-of-sale (POS) systems, these organizations have many systems that can be targeted by cyber criminals. 

To prevent DoS attacks, shopping centers should implement measures such as firewalls, intrusion detection systems, and load balancing solutions. These tools can help identify and block malicious traffic before it reaches the target’s systems. Additionally, shopping centers should also conduct regular security audits and software updates to ensure that their systems are protected against the latest threats. 

In conclusion, DoS attacks pose a significant threat to shopping centers and can result in significant financial and reputational damage. By implementing robust security measures and staying up to date with the latest threats, shopping centers can reduce the risk of these types of attacks and ensure the availability of their systems for their customers and stakeholders. 

Ransomware attacks are cyber-attacks where criminals infect a computer system with malware, encrypt critical data, and demand payment in exchange for the decryption key. Shopping centers are vulnerable to ransomware attacks because they often have large amounts of sensitive customer and financial data, as well as critical business systems that need to be operational for daily operations. 

The effects of a ransomware attack on a shopping center can be devastating, including: 

  • Disruptions to daily operations 
  • Loss of access to critical data and systems 
  • Financial losses from ransom payments, data recovery efforts, and lost revenue 
  • Damage to reputation and loss of customer trust 
  • Difficulty with insurance claims and legal issues. 

To prevent and mitigate the effects of ransomware attacks, it is important for shopping centers to have a robust cybersecurity plan in place that includes regular software updates, employee education, strong passwords, secure backups, and an incident response plan. 

Phishing and Social Engineering: Phishing attacks and social engineering are among the most common tactics used by cybercriminals to steal sensitive information from shopping centers and retailers. These attacks may take the form of fake emails, text messages, or phone calls, and are designed to trick victims into revealing their login credentials or other sensitive information. Phishing and social engineering attacks are becoming increasingly common, and shopping centers must educate their employees about these threats and implement robust security measures to prevent them. 

Network and System Compromise: Cybercriminals can compromise the network and systems of shopping centers and retailers in a number of ways, including exploiting vulnerabilities in software and hardware, stealing login credentials, or using malware to gain unauthorized access to sensitive data. Shopping centers must implement robust security measures, such as firewalls, antivirus software, and intrusion detection systems, to prevent these types of attacks. 

Point-of-Sale (POS) and Payment: Card Skimming POS skimming and payment card skimming are tactics used by criminals to steal credit card information from customers at the point of sale. These attacks can be especially damaging to shopping centers and retailers, as they can result in the loss of large amounts of sensitive data. Shopping centers must implement robust security measures, such as encryption and secure payment gateways, to prevent these types of attacks. 

Third-Party Vendor Compromise: Third-party vendor compromise is a growing threat to shopping centers, as criminals target these systems to steal sensitive information. Shopping centers must conduct regular risk assessments of their third-party partners and implement security measures such as secure data transmission protocols and encryption. Shopping centers must conduct regular risk assessments of their third-party partners and implement security measures such as secure data transmission protocols and encryption. 

Advanced Persistent Threats (APTs): Advanced persistent threats (APTs) are sophisticated attacks that are designed to evade detection and persist over a long period of time. Shopping centers must implement robust security measures, such as firewalls, intrusion detection systems, and employee education, to prevent these types of attacks. Shopping centers must implement robust security measures, such as firewalls, intrusion detection systems, and employee education, to prevent these types of attacks. 

In conclusion:  

Shopping centers face a range of threats from cyber criminals, who are using a range of tactics to compromise the security of these organizations. Shopping centers must implement robust security measures, such as encryption, secure payment gateways, and employee education, to prevent these types of attacks and protect their systems and data. It is important for shopping centers to take proactive steps to prevent cyber-attacks and minimize their potential impact. This includes regularly updating software, using strong passwords and encryption, and training employees on cybersecurity best practices. Additionally, shopping centers should implement measures to secure their networks and monitor their systems for potential threats and have an incident response plan in place to quickly respond to a breach. By taking these steps, shopping centers can reduce the risk of cyber-attacks and ensure the security and privacy of their customers and stakeholders.

Targets attacked (known), method/vulnerability used and the criminal groups attacked 

Coop Sweden 2021 – Some 500 Coop supermarket stores in Sweden have been forced to close due to an ongoing “colossal” cyber-attack affecting organisations around the world.

  • Coop Sweden says it closed more than half of its 800 stores on Friday after point-of-sale tills and self-service checkouts stopped working. The supermarket was not itself targeted by hackers – but is one of a growing number of organisations affected by an attack on a large software supplier the company uses indirectly. 
  • The attack involved ransomware, and the attackers demanded a ransom payment for the decryption of the company’s encrypted data. Coop did not disclose the details of the attack, but it is known that the attack caused significant disruptions to the company’s operations, including the temporary closure of some of its stores. 
  • The attack highlights the ongoing threat of ransomware attacks and the potential consequences for organizations that rely on technology and sensitive customer data. Coop’s experience serves as a reminder of the importance of having robust cybersecurity measures in place, as well as the importance of having a well-prepared incident response plan to mitigate the impact of a cyber-attack. 

Attacks on Tesco, 2016, 2021 and 2022                                                                                                          

Costco suffered a data breach in 2021 after finding a payment card skimming device had been set up in one of its warehouses.  

In December of 2021, supermarket chain Spar was met with an online attack on its IT systems. This affected around 330 SPAR stores across the North of England, impacting the stores’ ability to process card payments. This attack forced several SPAR stores to close or only take cash payments. The National Cyber Security Centre and Lancashire Constabulary were brought in to investigate the attack. 

In April of 2022 The Works said all debit and credit card transactions were processed outside its systems by third parties so customer payment data had not been compromised by the attack. But the company was forced to hire forensic cybersecurity experts to investigate the attack, and didn’t know if other data had been accessed. 

With the increase in technological solutions, shopping centers have become increasingly vulnerable to cyber attacks in recent years. Below are some examples of the most significant cyber-attacks on shopping centers in recent years: 

  • Target Corporation: In 2013, Target Corporation suffered one of the largest data breaches in history when hackers stole the credit and debit card information of 40 million credit and debit card accounts and the personal information of 70 million customers. The breach occurred due to a vulnerability in Target’s point-of-sale (POS) systems and cost the company hundreds of millions of dollars in expenses and lost sales. 
  • Home Depot: In 2014, Home Depot breach in 2014: Hackers stole 56 million payment card numbers and 53 million email addresses from the home improvement retailer. The breach occurred due to a vulnerability in the company’s payment systems and was one of the largest data breaches in history at the time. 
  • Neiman Marcus: In 2014, luxury retailer Neiman Marcus suffered a data breach that resulted in the theft of the credit card information. Hackers stole credit card information from 1.1 million customers and personal information from another 350,000 customers. The breach was one of the largest attacks targeting the retail industry in recent years and was a reminder of the importance of securing payment systems and data. 
  • Sears and Kmart: In 2014, Sears and Kmart, two of the largest retailers in the US, suffered a data breach that resulted in the theft of the payment card information of millions of customers. The breach was one of the largest attacks targeting the retail industry in recent years and was a wake-up call for the industry to improve security measures. 
  • Yahoo: In 2016, Yahoo suffered one of the largest data breaches in history, resulting in the theft of the personal information of all 3 billion of its user accounts. The breach was a significant blow to the company and resulted in a decline in user trust and a significant drop in its stock price. 
  • Wendy’s breach in 2016: More than 1,000 Wendy’s restaurants were affected by a data breach that impacted customers’ payment card information. 
  • Forever 21 breach in 2017: A breach affecting a significant number of the fashion retailer’s point-of-sale registers led to the theft of credit card information. 

More numbers 

  • TJX Companies data breach in 2007, affecting 45.7 million credit and debit card accounts 
  • Equifax data breach in 2017, affecting 147 million people’s personal data 
  • Capital One data breach in 2019, affecting 100 million individuals in the US and Canada 
  • Macy’s data breach in 2019, affecting customers’ payment card information 
  • Marriott International data breach in 2018, affecting 500 million guests’ personal data. 

These attacks serve as a reminder of the importance of strong cybersecurity measures to protect sensitive customer and financial data, as well as the potential consequences of data breaches for both customers and the affected businesses. 

In conclusion: 

Cyber-attacks targeting shopping malls have become a significant threat in recent years. Retailers must take proactive measures to secure their systems and data and be vigilant about new and evolving threats. By taking these steps, shopping malls can protect themselves, their customers, and their reputations from the consequences of data breaches and cyber-attacks. 

Cybercriminals 

There are several known criminal groups that are known for conducting cyber-attacks on shopping malls and other businesses. Some of the most prominent include:

  • APT28 (Fancy Bear): A Russian state-sponsored hacking group that has been implicated in several high-profile attacks. 
  • Lazarus Group: A North Korean state-sponsored hacking group responsible for several major attacks, including the WannaCry ransomware attack in 2017. 
  • Silence: A financially motivated hacking group known for their involvement in multiple cyber-attacks targeting financial institutions. 
  • Cobalt Gang: A criminal group known for their use of ransomware in attacks on banks, ATMs, and other financial institutions. 
  • Maze: A ransomware gang known for their targeted attacks on high-profile organizations and their use of data exfiltration in addition to encryption.         

In summary:

It is important to note that the landscape of cybercrime is constantly evolving, and new criminal groups can emerge at any time. This is why it is critical for organizations, including shopping malls, to prioritize cybersecurity and stay informed about the latest threats and trends. 

It’s good to remember that cybercriminal groups (nation-state or not) operate professionally and their goal is always to harm the victim, whether it’s money, reputational damage, politics or some other show of power. 

 

Article written by Kirsi Toppari, Senior Advisor, Cybersecurity, Hellenberg International