Emerging as a significant concern for cybersecurity in retail, generative AI continues to raise alarms in recent reports.

Cybersecurity and managed services expert, Trustwave, has published a detailed analysis titled '2023 Retail Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies,' addressing the challenges posed by generative AI. Trustwave The report specifically identifies generative AI, malicious bot activities, and the growth of third-party endpoints as critical threats that could compromise the safety of retail operations. AI Retailers, on average, suffer losses of $2.9 million due to data breaches annually, while consumers lose approximately $8.8 billion each year as a result of various scams.

As per the report The report not only delineates the risks confronting retailers but also offers actionable insights and strategies to fortify their defenses. Despite existing security alerts every holiday season, the tactics employed by scammers continue to adapt and become more sophisticated.

It further sheds light on the cybersecurity Karl Siger, the Senior Security Research Manager at Trustwave SpiderLabs, remarked to Metaverse Post, 'Traditional methods such as phishing, malware distributed through emails, and exploiting known vulnerabilities remain significant risks. In this report, we've uncovered new phishing techniques coupled with emerging technologies, such as generative AI being utilized for social engineering attacks.'

Additionally, the report discovered that 70% of harmful emails received by retail customers included HTML attachments, with 30% of those being obscured to evade detection.

Technologies like WormGPT and FraudGPT are enhancing the personalization of email phishing attacks, making them even more effective. LLMs Why is this critical? Following the pandemic, there's been a notable shift towards e-commerce, rendering retailers increasingly susceptible to cyber threats.

Online retailers typically handle vast amounts of sensitive customer information, including credit card details and shipping addresses. Furthermore, these retailers heavily depend on third-party providers for essential services such as website hosting and payment processing, raising security concerns if these vendors are not meticulously vetted and supervised.

Karl Siger further elaborated, stating, 'Our observations indicate a significant uptick in malicious bot activities during the holiday shopping season, which poses a considerable risk to online retailers. These bots are involved in various automated threats including credential stuffing, account takeovers, gift card cracking, web scraping, API scraping, creating fake accounts, and inventory scalping.'

LockBit Ransomware Emerges as a Major Security Concern

In reported incidents within retail, compromised credentials account for a staggering 30% of all cyberattack methodologies. Automated bots facilitate a wide array of malicious actions, from scalping to exploiting freebies.

For instance, last Black Friday and Cyber Monday, Grinchbots and Freebie Bots managed to acquire products worth $500,000 from a single retailer and are anticipated to deplete inventories of desirable holiday items this year.

'LockBit's appeal stems from many factors, chiefly its user-friendliness for criminals with minimal technical skills, making it the most accessible Ransomware as a Service (RaaS) on the market. It is continuously updated with new functionalities. Its growing reputation for reliability and sophistication serves to attract even more users,' Karl Siger from Trustwave SpiderLabs noted.

This risk landscape is similar across all ransomware threats.

“The advice we recommend for LockBit 'It’s essential to maintain robust backups that are isolated from critical systems and data. Ransomware is frequently introduced through phishing emails, thus including phishing prevention in your ongoing security training can help stop malware before it gets a chance to install,' Siger emphasized to Metaverse Post.

The United States stands as the most targeted region for a variety of industries, primarily due to two reasons: American companies generally have the most valuable assets to lose, and the U.S. boasts a vast and reliable internet infrastructure with desirable computing resources and bandwidth.

Please keep in mind that the details presented on this page are not intended as legal, tax, investment, financial, or any other form of counsel. Always invest what you can afford to lose, and seek independent financial guidance if you have any reservations. For more details, we recommend reviewing the issuer or advertiser's terms, conditions, and help resources. MetaversePost is dedicated to providing precise and impartial reporting, though market circumstances may change without prior notice.