Cyber Risk in the Retail Sector

Understand more about cyber risk in this sector.

Cyber Risk Graph

Explore how this sector relates to the wider risk graph

Threat Reports

Publicly available threat reporting on cyber attacks against Retail.

Report

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

This blog post by Microsoft Threat Intelligence describes the Seashell Blizzard intrusion set and specifically the BadPilot campaign. According to ...

View Source
Report

APT45: North Korea’s Digital Military Machine

This report from threat intelligence analysts at Google's Mandiant marks the graduation of this cyber actor to a fully designated APT - APT45. The ...

View Source
Report

APT41 (Double Dragon): A Dual Espionage and Cyber Crime Operation

This 2022 report by researchers at FireEye threat intelligence outlines the intrusion set they designate as APT41. They describe the group as 'a ...

View Source
Report

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

This article by researchers at Trend Micro discusses an Advanced Persistent Threat (APT) group they name Earth Krahang who have been observed ...

View Source
Report

REDCURL - The pentest you didn't know about

This report by researchers at Group-IB outlines activity by a group they call RedCurl. The report identifies victimology and motivation (corporate ...

View Source
Report

Ransomware Spotlight: Black Basta

This report from Trend Micro outlines tactics, techniques and procedures used by the Black Basta Ransomware group. According to the report, Black ...

View Source

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use against Retail.

ATT&CK ID Title Associated Tactics
T1595.003 Wordlist Scanning Reconnaissance
T1020 Automated Exfiltration Exfiltration
T1566.002 Spearphishing Link Initial Access
T1057 Process Discovery Discovery
T1087.002 Domain Account Discovery
T1036.007 Double File Extension Defense Evasion
T1583.001 Domains Resource Development
T1059.006 Python Execution
T1210 Exploitation of Remote Services Lateral Movement
T1003.001 LSASS Memory Credential Access
T1574.002 DLL Side-Loading Defense Evasion, Persistence, Privilege Escalation
T1110.003 Password Spraying Credential Access
T1059.001 PowerShell Execution
T1543.003 Windows Service Persistence, Privilege Escalation
T1059.003 Windows Command Shell Execution
T1586.002 Email Accounts Resource Development
T1584.004 Server Resource Development
T1112 Modify Registry Defense Evasion
T1078 Valid Accounts Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1608.005 Link Target Resource Development
T1078.003 Local Accounts Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1036.005 Match Legitimate Name or Location Defense Evasion
T1053.005 Scheduled Task Execution, Persistence, Privilege Escalation
T1003.002 Security Account Manager Credential Access
T1588.001 Malware Resource Development
T1033 System Owner/User Discovery Discovery
T1595.002 Vulnerability Scanning Reconnaissance
T1588.003 Code Signing Certificates Resource Development
T1592 Gather Victim Host Information Reconnaissance
T1505.003 Web Shell Persistence
T1087.001 Local Account Discovery
T1021.006 Windows Remote Management Lateral Movement
T1047 Windows Management Instrumentation Execution
T1539 Steal Web Session Cookie Credential Access
T1133 External Remote Services Initial Access, Persistence
T1140 Deobfuscate/Decode Files or Information Defense Evasion
T1608.001 Upload Malware Resource Development
T1608.002 Upload Tool Resource Development
T1569.002 Service Execution Execution
T1583.003 Virtual Private Server Resource Development
T1595.001 Scanning IP Blocks Reconnaissance
T1203 Exploitation for Client Execution Execution
T1204.002 Malicious File Execution
T1068 Exploitation for Privilege Escalation Privilege Escalation
T1114 Email Collection Collection
T1071.001 Web Protocols Command and Control
T1069.002 Domain Groups Discovery
T1534 Internal Spearphishing Lateral Movement
T1199 Trusted Relationship Initial Access
T1656 Impersonation Defense Evasion
T1573 Encrypted Channel Command and Control
T1007 System Service Discovery Discovery
T1572 Protocol Tunneling Command and Control
T1190 Exploit Public-Facing Application Initial Access
T1590 Gather Victim Network Information Reconnaissance
T1566.001 Spearphishing Attachment Initial Access
T1119 Automated Collection Collection
T1105 Ingress Tool Transfer Command and Control
T1087.003 Email Account Discovery
T1005 Data from Local System Collection
T1218.011 Rundll32 Defense Evasion
T1114.001 Local Email Collection Collection
T1070.004 File Deletion Defense Evasion
T1555.003 Credentials from Web Browsers Credential Access
T1537 Transfer Data to Cloud Account Exfiltration
T1082 System Information Discovery Discovery
T1564.001 Hidden Files and Directories Defense Evasion
T1056.002 GUI Input Capture Collection, Credential Access
T1547.001 Registry Run Keys / Startup Folder Persistence, Privilege Escalation
T1039 Data from Network Shared Drive Collection
T1102 Web Service Command and Control
T1080 Taint Shared Content Lateral Movement
T1552.002 Credentials in Registry Credential Access
T1083 File and Directory Discovery Discovery
T1552.001 Credentials In Files Credential Access
T1027 Obfuscated Files or Information Defense Evasion
T1059.005 Visual Basic Execution
T1489 Service Stop Impact
T1041 Exfiltration Over C2 Channel Exfiltration
T1018 Remote System Discovery Discovery
T1486 Data Encrypted for Impact Impact
T1491 Defacement Impact
T1562.001 Disable or Modify Tools Defense Evasion
T1570 Lateral Tool Transfer Lateral Movement
T1562.009 Safe Mode Boot Defense Evasion
T1484.001 Group Policy Modification Defense Evasion, Privilege Escalation
T1567 Exfiltration Over Web Service Exfiltration
T1490 Inhibit System Recovery Impact
T1021.001 Remote Desktop Protocol Lateral Movement
T1003 OS Credential Dumping Credential Access
T1620 Reflective Code Loading Defense Evasion