Retail faces continued threat from IoT botnets

A new report from Netskope Threat Labs sheds light on the major cloud threats targeting the retail industry over the past year. The key malware families deployed by attackers were IoT botnets like Mirai, remote access tools, and infostealers aimed at stealing customer payment data and credentials.

Paolo Passeri, Cyber Intelligence Principal at Netskope, said: “It’s surprising that the retail sector still finds itself specifically targeted with botnets like Mirai as attackers look to compromise vulnerable or misconfigured IoT devices across retail locations and abuse them to dramatically amplify the effect of a Distributed Denial of Service (DDoS) attack.”

The Mirai botnet continued infiltrating the retail sector by compromising vulnerable IoT devices like routers and cameras. These enslaved devices provide reconnaissance for attackers or get abused for amplifying DDoS attacks. Mirai’s source code leak has spawned numerous new variants.

“Mirai is not a particularly recent threat, and since its discovery in 2016, there are now multiple variants used today. The fact that attackers continue to use it to target IoT devices shows that too many organisations continue to dangerously overlook the security posture of their internet-connected devices,” added Passeri.

“This poses a significant risk not only for the targets of the attacks launched from the IoT botnet but also for the organisation whose IoT devices are enslaved into the botnet, since their exploitation can easily lead to outages that impact the functioning of the business.”

Remote access trojans were also widely used, enabling browser access, remote camera viewing, and relaying attacker commands. Passeri expressed surprise that outdated threats like Mirai still find success against retail organisations with unpatched IoT vulnerabilities.

The report identified a shift in popular cloud apps, with Microsoft products like Outlook and OneDrive supplanting Google’s suite over the past year among retailers. OneDrive remained the top malware delivery vector across industries by exploiting user trust.

Some other retail-specific findings:

  • WhatsApp usage was 3x higher than other sectors
  • Social apps like X, Facebook, and Instagram saw higher usage 
  • The Qakbot malware operation continued impacting retail after its disruption

“The fact that botnets like Mirai and infostealers like Quakbot continue to be among the top methods attackers use to target retail organisations shows security leaders still have much to do to fortify their infrastructure and endpoints,” explained Passeri.

“Fortunately, following fundamental cyber hygiene best practices like inspecting web and cloud traffic and ensuring you can block malicious traffic and isolate compromised endpoints or domains will reduce the risk that you fall victim to these attackers.”   

The report analysed anonymised data across Netskope’s 2,500+ customers in the retail sector. Full recommendations and methodology are available in the complete report here.

(Photo by Alessio Ferretti)

See also: America’s FCC introduces IoT cybersecurity labelling

Want to learn about the IoT from industry leaders? Check out IoT Tech Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Cyber Security & Cloud Expo, AI & Big Data Expo, Edge Computing Expo, and Digital Transformation Week.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: botnet, cyber security, cybersecurity, ddos, Enterprise, infosec, internet of things, IoT, malware, mirai, netskope, quakbot, report, research, study