Cybersecurity

Category

RH-ISAC: Sophisticated card skimmer targets WordPress checkout pages via database injection

RH-ISAC
Jan 2025
Open Modal

RH-ISAC: Sophisticated card skimmer targets WordPress checkout pages via database injection

RH-ISAC
|
Jan 2025

What: Security researchers have identified a new malware variant that compromises WordPress e-commerce sites through database manipulation, capturing credit card data during checkout while circumventing standard security protocols.


Why it is important: The emergence of this sophisticated malware highlights a critical vulnerability in retail payment infrastructure at a time when digital transactions represent 70% of global sales, threatening both merchant operations and customer trust.


A sophisticated credit card skimming malware, designated as malware.magento_shoplift.273, has emerged as a significant threat to WordPress-based e-commerce sites. The malware employs an innovative approach by injecting malicious JavaScript directly into the website's database, specifically targeting the wp_options table's widget_block entry. This method allows it to evade traditional security measures that focus on file-based malware detection.


The skimmer activates exclusively on checkout pages, either by hijacking legitimate payment fields or creating convincing fake credit card forms to capture sensitive data. The stolen information, including credit card numbers, CVV codes, and billing details, undergoes Base64 encoding and AES-CBC encryption before being transmitted to attacker-controlled domains. The malware's sophisticated design enables it to operate stealthily, using the navigator.sendBeacon function to exfiltrate data without disrupting normal user activity. This development presents a particular challenge for retail and hospitality sectors, where e-commerce platforms are crucial for daily operations.


IADS Notes: The discovery of this sophisticated card skimmer represents a concerning evolution in retail cybersecurity threats. In December 2024, Stripe blocked nearly 21 million fraudulent transactions worth USD 917 million during just one weekend, highlighting the scale of payment security challenges. The skimmer's technique mirrors the June 2024 Neiman Marcus breach, where attackers compromised cloud databases to access customer data. With mobile transactions now accounting for 70% of global sales, this threat is particularly significant for retailers navigating digital transformation while maintaining security.


Sophisticated card skimmer targets WordPress checkout pages via database injection

Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC: Holiday season cyber threat trends 2024

RH-ISAC
Dec 2024
Open Modal

RH-ISAC: Holiday season cyber threat trends 2024

RH-ISAC
|
Dec 2024

What: RH-ISAC has released its Holiday season cyber threat trends 2024.


Why it is important: For the retail, hospitality, and travel community, the holiday season is the most intense time of year for consumers and cybersecurity professionals facing persistent threats. From the beginning of October through the end of December, cyber threats to organizations expand in both scale and intensity to match the rise in consumer traffic.


The key takeaways of member analysts’ provide critical insight into the active defensive trends in the retail sector. Social engineering and fraud remain critical concerns, with

various types of fraud increasing dramatically in the current period. Organizations are seeing an increase in the prevalence of call-based social engineering, loyalty and gift card fraud, and DoS attacks.


Holiday season cyber threat trends 2024



Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC: Guest speaker presentation: Introduction to RH-ISAC 2024

RH-ISAC
Nov 2024
Open Modal

RH-ISAC: Guest speaker presentation: Introduction to RH-ISAC 2024

RH-ISAC
|
Nov 2024

Who: The Retail & Hospitality Information Sharing & Analysis Centre (RH-ISAC) is the cybersecurity sharing and collaboration community for the consumer-facing business sector. As Vice President of Membership, Luke is responsible for member growth and engagement, as well as as part of the leadership team overall organisational strategy. The RH-ISAC is a dynamic community with more than 250 member companies. It partners with key trade associations to strengthen the collective efforts to improve cybersecurity in our shared sectors. Before joining the RHISAC, Luke held similar positions at the Society for Corporate Governance and the Academy of Management.


Why it is important: Luke presented an overview of retailers' current cybersecurity threats. He highlighted ransomware, social engineering, and third-party risks as the most significant concerns. He explained RH-ISAC's function as a non-profit cybersecurity organisation partnering with retailers. His presentation highlighted the partnership inked between the IADS and RH-ISAC as an exclusive perk to its members. It was part of the 2024 programme, during which every IADS partner came to introduce their actions to the CEOs.


Introduction to RH-ISAC 2024



Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC: The financial impact of cyberattacks on department stores

RH-ISAC
Oct 2024
Open Modal

RH-ISAC: The financial impact of cyberattacks on department stores

RH-ISAC
|
Oct 2024
Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC August 2024: Monthly Leadership Briefing

RH-ISAC
Aug 2024
Open Modal

RH-ISAC August 2024: Monthly Leadership Briefing

RH-ISAC
|
Aug 2024

What: RH-ISAC has released its monthly leadership briefing. In August 2024, third-party breaches and supply chain vulnerabilities continued as the primary driving force for the retail and hospitality community threat landscape.


Why it is important: The ongoing third-party breaches and supply chain vulnerabilities highlight the critical need for businesses and individuals to ensure the security of their digital interactions, as these incidents can directly impact the services they rely on daily. Additionally, the global outages caused by the Crowdstrike update and vulnerabilities in widely used services like TeamViewer and OpenSSH emphasize the importance of staying informed and prepared for potential disruptions that could affect operations, data privacy, and personal security.


For the month of July 2024, third-party breaches and supply chain vulnerabilities continued as the primary driving force for the retail and hospitality community threat landscape. The global outages resulting from a problematic Crowdstrike update consumed resources and attention of IT and cyber teams across global regions and industries in July, in addition to major vulnerabilities and incidents at ubiquitous services such as TeamViewer and OpenSSH.


August 2024: Monthly Leadership Briefing



Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC: Crowdstrike & Windows outages report

RH-ISAC
Jul 2024
Open Modal

RH-ISAC: Crowdstrike & Windows outages report

RH-ISAC
|
Jul 2024

On July 19, 2024, there were signifficant Crowdstrike/Windows-related outages affecting nearly every industry globally. While these outages are not observed to be a security issue, they do involve security software. Here is some detailed information outlining the outages and how to mitigate the attacks. Due to the technical nature of this information, it is advised to direct it to a CISO or CIO.


Context

On 19 July 2024, widespread outages of Windows systems were reported across industries and global regions. According to BleepingComputer, "A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals.

The glitch is affecting Windows workstations and servers, with users reporting massive outages that took offline entire companies and fleets of hundreds of thousands of computers. […] The company revealed that the culprit is a Channel File, which contains data for the sensor (e.g. Instructions). Since it is just a component of the update for the sensor, this type of file can be addressed individually without removing the Falcon Sensor update."

As of this writing, Crowdstrike maintains that the issue is not threat-related.


Crowdstrike & Windows outages report



Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC July 2024: Monthly Trade Association Briefing

RH-ISAC
Jul 2024
Open Modal

RH-ISAC July 2024: Monthly Trade Association Briefing

RH-ISAC
|
Jul 2024

What: RH-ISAC has released its monthly trade association briefing. In June 2024, third-party breaches and supply chain vulnerabilities were major threats in the retail and hospitality sectors, with significant vulnerabilities found in GitLab, MOVEit, CDK, and Snowflake.


Why it is important: Understanding these primary threats and vulnerabilities helps organizations prepare for potential cyberattacks and ensure business continuity. Timely updates and mitigations are crucial to protect against known vulnerabilities and minimize exposure to cyber threats. Monitoring trends and identifying active threat actors enable organizations to prioritize their defensive strategies effectively.


For June 2024, third-party breaches and supply chain vulnerabilities were significant threats in the retail and hospitality sectors. Key vulnerabilities were identified in GitLab, MOVEit, CDK, and Snowflake, with the RH-ISAC Intelligence Team recommending updates and technological tools for managing them. Trends showed a shift in TTPs, with Carbanak, FIN8, and Black Basta emerging as top threat actors. Understanding these threats and implementing recommended mitigations is vital for maintaining robust cybersecurity defenses.


July 2024: Monthly Trade Association Briefing



Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC: Retail & hospitality intellegence trends summary, Q2 2024

RH-ISAC
Jun 2024
Open Modal

RH-ISAC: Retail & hospitality intellegence trends summary, Q2 2024

RH-ISAC
|
Jun 2024

What: RH-ISAC has released its Retail & hospitality intellegence trends summary: April – June 2024.


Why it is important: This report underscores the ongoing reliance of cybercriminals on established threat vectors like phishing, emphasizing the need for businesses to strengthen their defenses against these common attacks. The continued focus on third-party and supply chain risks highlights the importance of robust vendor management and risk assessment processes to safeguard against potential breaches and disruptions. Through active participation in intelligence sharing and analysis, businesses can better anticipate and respond to evolving threats, ensuring their security strategies are both proactive and adaptive.


In the RH-ISAC Intelligence Trends Summary for Q2 2024, the retail, hospitality, and travel sectors continued to face significant security challenges, with phishing and fraud remaining the most reported threats. The report highlights the community's active intelligence sharing, emphasizing insights gained from analyzing threat trends, including the persistent risks from third-party and supply chain vulnerabilities.


Retail & hospitality intellegence trends summary: Q2 2024



Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC Report: 2024 Organizational Security Structures report

RH-ISAC
Feb 2024
Open Modal

RH-ISAC Report: 2024 Organizational Security Structures report

RH-ISAC
|
Feb 2024

What: RH-ISAC has released another benchmark report "Prioritizing Security for Success - Analyzing Organizational Security Structures," in addition to their 2024 CISO report, that analyzes staffing data, organizational priorities, and other key indicators to offer insight into cybersecurity teams across the the consumer goods & services, retail, hospitality, and travel industries. This report can help teams discern security functions to prioritize amidst the evolving cyberthreat landscape.


This Cybersecurity Organogram Analysis dives into the organizational intricacies of cybersecurity functions, highlighting key functions that are paramount.


Why it is important: In the bustling realm of today's digital landscape, where data reigns supreme and cyber threats loom ever larger, safeguarding sensitive information has become an imperative for organizations worldwide. Amid this backdrop, Accenture in partnership with RHISAC, embarked on a research exercise, delving into the cybersecurity organizational structures by analyzing the Security Organograms of 66 companies across the Consumer Goods & Services (CG&S), Retail, and Travel & Hospitality industries.


Within this landscape, organizational structure emerges as the backbone of cybersecurity efforts, dictating how resources are allocated, strategies devised, and risks managed. Since the digital world connects everything, ensuring its security is essential, as digital exposure and vulnerabilities continues to expand.


First, prioritizing cybersecurity involves integrating it into organizational strategy and culture, requiring a clear understanding of risks and their potential business impact. This also highlights the importance of leadership endorsement in securing adequate resources and support for cybersecurity initiatives. Second, optimizing efficiency becomes possible by uncovering organizational inefficiencies or bottlenecks, enabling companies to streamline processes,allocate resources effectively and enhance operational efficiency. Third, examination of cybersecurity organizational layouts aids in identifying and mitigating potential security risks, allowing proactive measures to address vulnerabilities and shield against cyber threats.


The comparative analysis of cybersecurity structures across industries provide valuable benchmarks and insights into best practices, empowering organizations to adopt proven strategies and bolster their cybersecurity posture.


2024 Organizational security structures report



Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC report: 2024 CISO Benchmark report

RH-ISAC
Jan 2024
Open Modal

RH-ISAC report: 2024 CISO Benchmark report

RH-ISAC
|
Jan 2024

What: The RH-ISAC CISO Benchmark Survey, conducted in partnership with Booz Allen Hamilton, reveals that a majority of Chief Information Security Officers (CISOs) anticipate increased budgets and staffing for cybersecurity in 2024, with a focus on vulnerability management and zero trust architecture.


Why it is important: This trend underscores a growing business recognition of cybersecurity risks and the need for enhanced program maturity amidst challenging budgetary conditions. It highlights the strategic areas where CISOs are investing resources to bolster security defenses against rising threats like Ransomware/Malware.


The 2024 outlook for cybersecurity within organizations appears promising, with 56% of CISOs expecting budget increases and 60% anticipating more full-time employees (FTEs). This optimism is part of a three-year trend, despite about 10% of CISOs bracing for budget cuts. The survey indicate a shift towards prioritizing vulnerability management and adopting zero trust architecture to mitigate threats effectively. Interestingly, there's a noted decrease in staff for Security Operations/Incident Response, which remains a highly outsourced service due to the demand for advanced security analytics and fraud detection.


The survey also provides guidance on budget allocation across various cybersecurity domains and suggests that CISOs expect to see improvements across all areas of their programs, especially in the "Recover" category of the NIST maturity analysis. Despite the potential of Generative AI as a business enabler, it poses significant concerns for security leaders, unlike the new SEC requirements, which seem to be of lesser worry as organizations review their existing plans with executive leadership.


This year's survey, with its highest participation rate yet, offer a comprehensive view of the current state and future directions of cybersecurity efforts across different sectors, emphasizing the critical role of CISOs in navigating the evolving landscape of digital threats and regulatory requirements.


2024 CISO Benchmark report



Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC report: 2023 holiday season cyber threat trends

RH-ISAC
Dec 2023
Open Modal

RH-ISAC report: 2023 holiday season cyber threat trends

RH-ISAC
|
Dec 2023

What: RH ISAC reviews cybersecurity threats from the 2023 holiday season.


Why it is important:For the retail, hospitality, and travel community, the holiday season is the most intense time of year for consumers and cybersecurity professionals facing persistent threats. From the beginning of October through the end of December, cyber threats to organizations expand in both scale and intensity to match the rise in consumer traffic.


In order to examine the threat landscape facing members during the holiday season, RH-ISAC developed this report, the 2023 RH-ISAC Holiday Season Threat Trends Summary. The report is in four parts:


  1. Member Perspectives: In which key subject matter experts from leading member organizations provide their insights into their current defensive preparations.
  2. Threat Landscape: Where the RH-ISAC team examines the threat trends reported by the member community for previous holiday seasons from a historical and analytical perspective.
  3. Associate Member Analysis: In which Akamai highlights key trends for the holiday season, including malicious bot traffic and Magecart-style attacks.
  4. 2022-2023 RH-ISAC Ransomware Threat Landscape Comparison: In which threat analysts from RH-ISAC highlight major shifts in the ransomware threats facing the community over time.


2023 holiday season cyber threat trends



Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC report: How to comply with the new SEC cybersecurity reporting rules

RH-ISAC
Aug 2023
Open Modal

RH-ISAC report: How to comply with the new SEC cybersecurity reporting rules

RH-ISAC
|
Aug 2023

What: RH ISAC reviews new SEC cybersecurity rules regarding disclosure of cybersecurity incidents to enhance protocols and establish new processes.


Why it is important: This report discusses the significance of adhering to the new SEC standards, which is critical because non-compliance risks both legal and reputational implications. Organizations must swiftly identify material incidents to avoid unreasonable reporting delays.


To ensure compliance, RH-ISAC developed this report for retail and hospitality organizations outlining the proactive steps to be taken including enhancing incident response protocols, establishing transparent materiality determination processes, streamlining communication through standardized templates, providing necessary training, and collaborating with legal and technical experts. These measures are essential for not only achieving compliance but also mitigating the legal and reputational risks associated with cybersecurity incidents.


How Organizations Can Prepare to Comply with New SEC Cybersecurity Reporting Rules



Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC

RH-ISAC
Jan 2023
Open Modal

RH-ISAC

RH-ISAC
|
Jan 2023

Formed in 2014 as the home of the Retail and Hospitality Information Security and Analysis Center (ISAC), it operates as a central hub for sharing sector-specific cyber security information and intelligence. The association connects information security teams at the strategic, operational and tactical levels to work together on issues and challenges, to share practices and insights, and to benchmark among each other – all with the goal of building better security for the retail and hospitality industries through collaboration.


RH-ISAC currently serves companies in the retail, hospitality, gaming, travel and other consumer-facing entities.


As an official partner of the IADS, members have access to conferences, events and other resources, including their blog and podcast episodes.


Check them out below!


Read the blog


Listen to the podcast


Visit the RH-ISAC website



Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC report: 2022 holiday season cyber threat trends

RH-ISAC
Dec 2022
Open Modal

RH-ISAC report: 2022 holiday season cyber threat trends

RH-ISAC
|
Dec 2022

What: RH ISAC reviews cybersecurity threats from the 2022 holiday season.


Why it is important: For the retail, hospitality, and travel community, the holiday season is the most intense time of year for consumers and cybersecurity professionals facing persistent threats. From the beginning of October through the end of December, cyber threats to organizations expand in both scale and intensity to match the rise in consumer traffic.


In order to examine the threat landscape facing members during theholiday season, RH-ISAC developed this report, the 2022 RH-ISAC Holiday Season Threat Trends Summary. The report is in three parts:


  1. Member Perspectives: In which key subject matter experts from leading member organizations provide their insights into their current defensive preparations.
  2. Threat Landscape: Where the RH-ISAC team examines the threat trends reported by the member community for the 2020 and 2021 holiday seasons from a historical and analytical perspective.
  3. Associate Member Analysis: In which threat analysts from RH-ISAC associate member Flashpoint provide their perspective on the current holiday season threat landscape based on their research and data.


2022 holiday season cyber threat trends



Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.
Category

RH-ISAC report: 2022 industry insights

RH-ISAC
Dec 2022
Open Modal

RH-ISAC report: 2022 industry insights

RH-ISAC
|
Dec 2022

What: For the retail, hospitality, and travel sectors, RH-ISAC reviewed the Verizon report and identified the key trends and findings most relevant to the community and the key industries listed that most closely align with their community's sectors of retail and hospitality.


Why it is important: This report compares some of the key takeaways from the Verizon Report with RH-ISAC's own member data, providing additional context

to help members benchmark their threat landscape against a wider community.


Across all industries surveyed, Verizon reported core metrics and trends:

» The most common attack methods were: stolen credentials, ransomware, and phishing

» The most commonly targeted data were: payment data, personally identifiable information (PII), credentials, intellectual property, and non-sensitive data

» 73% of breaches were executed by external actors, and 18% of breaches were executed by internal actors

» 39% of attacks originated with third-party vendors

» 82% of incidents resulted from human error, and these errors were split between clicking on phish links and failing to follow standards which resulted in business email compromise.

» Most indicators of compromise (IOCs) had relatively good value for blocking

» Hashes had relatively low value, but IP addresses, domains, network artifacts, tools, and TTPS all were valuable for blocking


2022 industry insights report



Save to favorites
Your item is now saved. It can take a few minutes to sync into your saved list.