Corporate Security Ben Luxon

Detect Signs of Stalking in Real Time to Keep Employees Safe

We take a look at how to prevent online stalking, or cyberstalking, as it’s on the rise. Read more about Signal’s stalker threat preventative system.

Online stalking, or cyberstalking, is on the rise. Covid-19 has only exacerbated the problem, with lockdowns increasing the vulnerability of victims as people continue to spend exponentially more time online. In fact, Paladin (UK’s national stalking advocacy service) reported having a 50% to 70% increase in requests for support around stalking cases during the pandemic.

In one UK study, 358 cases of homicides were analysed. The results indicated that in 94% of these homicides, the victim was stalked before the homicide took place. This statistic indicates how important it is to recognise stalker-like behavior before potential violence occurs. Organizations that exercise the highest standards of Duty of Care and want to keep their employees safe understand the importance of detecting signs of stalking before the problem snowballs.

Cyberstalking is on the rise

  • Stalking on social media:

    • Facebook

    • Instagram

    • Twitter

    • Snapchat

    • TikTok


  • Stalking via private messaging platforms:

    • WeChat

    • Telegram

    • WhatsApp

    • Facebook Messenger


  • Other stalking techniques:

    • Virtually visiting victims on street maps

    • Looking at victim geotags

    • Hijacking webcams

    • Catfishing

How Signal Helps

Using Signal, analysts discovered X, a stalker using social media, harassing a client’s employee. In a 4-week span this user sent approximately 1500 social media posts mentioning said employee. The content of X’s posts includes photographs of the employee’s children, mentions 9 hand-written letters posted to the client, marriage proposals, and also sentiment seesawing between love-speech and hate-speech. X also contacted other employees, especially when the desired effect on the first employee wasn’t achieved.

Using the data found, analysts took X’s content and ran it through various analysis steps to prepare a data set to be included in a dossier. The most popular words and phrases were pulled from the posts, then further analysed by Signal.

The prepared dossier was shared with the client so that they could instigate their employee support process for dealing with online harassment.

Benefits of Signal’s Stalker Threat Preventative System

Signal helps prevent the potential psychological trauma of employees, physical harm, and at worst violence or loss of life. 

Stalking causes business disruptions as well. Companies whose employees fall victim to stalking will lose productivity each year. Impacts include reduced or lost output, increases in staff turnover, increases in absenteeism, investment required for support programs and increased management overhead. Collectively, victims of stalking will lose approximately $110 billion over a lifespan.

Signal can detect harassment in real time. Client analysts or analysts from Signal can watch for stalker-like behavior and notify you as soon as it is detected. This information in turn is used to trigger employee support programs and increased monitoring to ensure escalation doesn't occur.

We can save your employees and business potential time, harm and money. Contact us to learn more or schedule a demo.

Corporate Security Ben Luxon

5 Lessons Organizations Can Learn from the Worst Data Breaches of 2020

In this article, we take a look at 5 of the lessons that can be learnt from some of the biggest cyberattacks of 2020.

While data breaches are invariably costly for organizations, the fallout from a data breach isn’t always the same. There are numerous motivations for threat actors and an even greater number of strategies that they employ to achieve their varied goals. As such, it falls to security professionals to continuously learn from ongoing cyberattacks the best ways to predict and prevent cyber breaches in a constantly evolving threat landscape.

1. 3rd party integrations create new attack surfaces

The recent breach of SolarWinds allowed foreign agents to access and spread malware to numerous government agencies and high-value US targets. These threat actors knew they could likely never penetrate these targets directly, and instead discovered they all used the same software for network management - SolarWinds. 

The attack spread malware that lay unnoticed in the system for months while the attackers are believed to have observed and gathered data on their targets.

The key takeaway from this hack is that no matter how excellent and strict your own system’s security is, if the 3rd party systems you use have a weakness, then so do you. This is especially important as systems become increasingly interconnected, with a myriad of moving parts provided by dozens of different vendors.

While you can’t and shouldn’t simply wall off your systems with a trust-no-one approach, organizations also mustn’t take third-party solution providers’ security for granted. Conduct rigorous, ongoing security audits of your systems to be sure there’s not a nasty surprise hiding around the corner.

2. You need clarity across your organization’s security

As an organization grows in size and complexity, often, as we mentioned above, integrating and employing 3rd party vendors, the number of attack surfaces grows too. Organizations need systems in place to maintain clarity over the entirety of their IT security.

In July, Garmin was locked out of its own systems by ransomware and ended up having to pay millions in ransom for the decryption key. 

Garmin faced an impossible situation. While law enforcement officials and cybersecurity experts repeatedly warn companies not to pay ransomware attackers as it encourages further ransomware attacks, companies like Garmin are often left with no other choice. 

As such, companies need to employ systems, security protocols, and training to prevent ransomware.

For businesses like this, it’s vital to have systems in place to maintain a vigilant security posture toward every possible vector for attack.

3. Humans are the weakest link

Social engineering tactics can range from rather obvious emails from Nigerian princes to complex multi-step and highly targeted spear-phishing campaigns. In late 2020 the latter is what happened to Twitter, with numerous employees targeted with a strikingly elaborate spear-phishing campaign. The strategy involved multiple steps including tricking an employee’s phone carrier, pretending to be a member of the I.T. team, and creating fake login pages.

Once they had an employee’s admin account login, they hijacked multiple high-profile Twitter accounts and launched a Bitcoin scam that saw them making off with over $100,000 in less than an hour before it was stopped. Though this attack certainly could have been worse, it shows how one of a company’s biggest vulnerabilities is compromised employee credentials.

There are a couple of things that can be done to protect against employee weakness in your security defences. These include restricting employee access to sensitive data, ensuring you offboard and remove access to systems for old employees, implementing strong authentication protocols such as multi-factor authentication, and running regular security training sessions for staff.

4. Only store data vital to providing your service

In July of 2020 GEDMatch, a DNA genealogy site, was hacked. The hackers changed the users’ privacy settings, opting everyone in to share their data with law enforcement. The hack exposed the data of around 1.4 million people.

Thankfully, GEDMatch later announced that no raw DNA files had been compromised as no raw data is stored on the site. Instead, the data is encoded when it’s uploaded and the raw file deleted immediately. The key lesson here is that GEDMatch followed good practice, not storing any sensitive raw data and thus eliminating a potentially serious attack vector, meaning the failure of one control did not lead to the attackers progressing beyond their initial intrusion.

If you can avoid storing highly sensitive data — such as passwords, payment information, or biometric data — on your own servers, do so. Deleting raw DNA data helped minimize the damage to GEDMatch in this breach.

5. People aren’t going to stop reusing passwords

The majority of people on the internet don’t know the best online security practices and many reuse the same tired old password across numerous websites. This has led to a rise in popularity of one of the most common attack strategies employed by threat actors, credential stuffing. This is when they buy large datasets of login details, e.g. passwords and user names, and apply them to other sites. While the strike rate is generally quite low, this strategy of credential stuffing does work. This is what happened to several insurance companies in 2020, including Independence Blue Cross.

Independence Blue Cross reported that their member portals had been improperly accessed by hackers reusing credentials stolen from MyFitnessPal in an attack from 2018.

People aren’t going to stop reusing passwords anytime soon, but businesses can still guard against credential stuffing. One crucial step is to implement strong authentication protocols such as multi-factor authentication or adaptive authentication, which asks users for more credentials if their behavior is suspicious. In this case, it could have noticed that members were logging in with new I.P. addresses or at an unusual time of day, and asked them to confirm their identity.
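A minimal sketch of the adaptive authentication check described above, added here as an illustration and not taken from the article or any vendor's product. It builds a per-user baseline of known I.P. addresses and login hours, asks for step-up verification when a login departs from it, and blocks a source address that tries many different accounts, which is the signature of credential stuffing; the class name, thresholds and sample logins are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample history: (username, source IP, timestamp) of past good logins.
HISTORY = [
    ("alice", "198.51.100.10", "2020-11-02T08:15:00"),
    ("alice", "198.51.100.10", "2020-11-03T09:05:00"),
    ("alice", "198.51.100.10", "2020-11-04T08:40:00"),
    ("bob", "203.0.113.7", "2020-11-02T18:30:00"),
    ("bob", "203.0.113.7", "2020-11-03T19:10:00"),
]

HOUR_TOLERANCE = 2      # assumed: hours either side of a previously seen login hour
STUFFING_THRESHOLD = 3  # assumed: distinct usernames from one IP before it is blocked


def build_profiles(history):
    """Per-user baseline: the IPs and hours of day seen in past logins."""
    profiles = defaultdict(lambda: {"ips": set(), "hours": set()})
    for user, ip, ts in history:
        profiles[user]["ips"].add(ip)
        profiles[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(profiles)


def unusual_hour(hour, seen_hours):
    """True when the hour is far from every seen hour (distance on a 24h clock)."""
    return all(min(abs(hour - h), 24 - abs(hour - h)) > HOUR_TOLERANCE
               for h in seen_hours)


class AdaptiveAuth:
    """Hypothetical policy engine, run after the password has already verified."""

    def __init__(self, history):
        self.profiles = build_profiles(history)
        self.users_per_ip = defaultdict(set)  # usernames each source IP has tried

    def evaluate(self, user, ip, ts):
        """Return (decision, reasons); decision is allow, step_up or block."""
        self.users_per_ip[ip].add(user)
        reasons = []
        if len(self.users_per_ip[ip]) >= STUFFING_THRESHOLD:
            reasons.append("ip_many_accounts")
        profile = self.profiles.get(user)
        if profile is None:
            reasons.append("no_baseline")
        else:
            if ip not in profile["ips"]:
                reasons.append("new_ip")
            if unusual_hour(datetime.fromisoformat(ts).hour, profile["hours"]):
                reasons.append("unusual_hour")
        if "ip_many_accounts" in reasons:
            return "block", reasons
        return ("step_up" if reasons else "allow"), reasons
```

A `step_up` decision is where the member would be asked to confirm their identity, for example with a second factor, before the session is issued.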

Final Words

Organizations are increasingly connected online, using a myriad of integrations and tools to create better, more user-friendly solutions. Additionally, as we all become more technologically literate and engage more and more online, there is an increasing amount of user data stored on organizational systems.

This means that the number of attack surfaces that organizations have to be aware of is continuously growing, and so too are the opportunities for attackers to achieve their goals, whether it’s foreign espionage, ideological fanaticism, or personal financial gain.

Ultimately, we’re all in this together; a data breach or successful attack on one company could easily have ramifications for your own organization. As such, employing the right tools, such as an OSINT tool like Signal, to monitor, detect and better protect against potential threats in this growing threat landscape has never been more important.

Corporate Security Ben Luxon

The Role of Threat Intelligence and Cybersecurity in Retail

The rise of e-commerce and the adoption of digital technologies have opened up a number of new security risks for the retail industry. Hackers who manage to take advantage of any of these attack vectors can do a lot of damage to both a company’s bottom line and reputation, which is why it's more important than ever for businesses to employ the right tools to protect their people, data, and assets.

Retail is the fourth most targeted industry by cyber-criminals. The same technologies that have created new potential growth opportunities for these businesses have simultaneously opened up new and evolving attack vectors for both cyber-criminals and physical attacks.

Use of the cloud, IoT (Internet of Things) and global expansion increases potential risks exponentially, as these threats are no longer constrained by location or borders. Organisations need to secure customer data, protect executives, manage travel, predict physical threats to assets, and prevent cyber-attacks. All of these threats could come from a range of possible sources involving a plethora of evolving methods, from anywhere in the world. 

Digital and In-Store Locations Are Both Valuable Targets

Retailers deal with large numbers of people. As such, their databases necessarily contain vast amounts of data which could be valuable to hackers. This includes but isn’t limited to personally identifiable information (PII) for customers, employees and even executives. Vulnerable PII which contains financial information is highly valuable and the most obvious of targets for hackers; however, even non-sensitive data can be a hugely profitable attack vector for cyber-criminals when used correctly. This is shown by the frequent sales of login credentials on the dark web.

Additional avenues of attack include mobile retailer apps, customer-facing devices in retail locations, and IoT product offerings. These new technologies are continuously assessed by cybercriminals for potentially exploitable weaknesses and can often be found mentioned in online discussion forums. Because of this, public-facing social media data, as well as data collected off the dark web, is more valuable than ever in detecting threats.

Social media, as well as anonymous forums on deep and dark websites, are used to discuss or advertise criminal strategies like shoplifting, POS fraud, and counterfeiting. Public-facing social media data is more relevant than ever for detecting sentiment, executive threats, and critical events like active shooters in or around retail locations.

The Heavy Cost of Threats for Retailers

The costs associated with the risks outlined in this article are huge. Retail inventory loss incurred by shoplifting or fraud costs the industry an estimated $50 billion a year. The average cost of a data breach, according to a 2018 Ponemon Institute report, is USD $3.86 million. And these are just the measurable costs. The long-lasting effects of the reputational damage and global brand erosion that coincide with a data breach exposing customer or executive data are also a highly valid concern.

This information points to the importance and necessity for an effective data discovery and analysis programme to be employed by companies to effectively secure organisations in the retail industry. Security teams are burdened with a seemingly impossible task of processing an ever-increasing and varied amount of threat data to separate the noise from the real threats to contextualise that data into actionable insights. This industry needs tools that automate and accelerate data analysis to enable effective threat monitoring and prediction.

- 50% of retailers have experienced a data breach.

- 84% plan to increase IT security spending.

- 85% of retail IT security professionals said their organisation used cloud storage for sensitive data.

Source

The Importance of Cybersecurity in Retail

The rise of e-commerce and the adoption of digital technologies means that retailers now hold vastly more data on their customers than ever before. Most major outlets currently have online stores and it’s expected that online sales will outstrip high street sales within the decade. Gaining access to customer accounts can give access to PII and even bank details. Hackers who manage to obtain this customer data will either use this data themselves or more likely sell it on the dark web.

One of the popular methods that this data is used for is an approach called credential stuffing. This attack works because many customers use the same login credentials across many different sites. Hackers will take these credentials and make multiple automated login attempts across an array of websites. One team of security analysts found that 90% of retail login attempts were from hackers attempting to access other people’s accounts in this way. 

Another common attack vector is payment processes. Retailers are embracing technology to make it as easy as possible for customers to purchase through their online stores; however, if security standards aren’t advanced alongside these payment processes, they leave vulnerabilities to fraudulent activity.

A final key cybersecurity vulnerability for retailers is the staff. Often retailers hire young and inexperienced staff, most of whom have had little if any cybersecurity training. This leaves them vulnerable to common ‘social engineering’ attacks such as ‘phishing’. For example, a hacker might contact a staff member directly and trick them into installing malware onto a company device or attempt to get them to provide sensitive information by pretending they are someone that they aren’t. 

Additional Threat Vectors for the Retail Industry

A few examples of additional threat vectors that the retail industry needs to pay careful attention to include:

Gift card cloning

In a 2018 report, security firm Flashpoint found hundreds of discussions of "cracked" gift cards on criminal web forums.

There are several strategies to hack gift cards. One example is by predicting the gift card numbers, which, when combined with a brute force attack, means hackers can identify activated cards and the amounts on them. Another method involves creating clone cards of inactive gift cards and then, when they are activated, using the credit before the rightful owner has a chance.

Whichever method they choose it’s often the retailer that’s left picking up the tab.

Executive and employee threats

As with any industry, staff may be targeted, not just for phishing attacks or fraud but for physical attacks by disgruntled customers or even terrorists. 

Threats to physical locations

From active shooter attacks to terrorist assaults, physical locations, especially those where members of the public can come and go freely, are high-risk locations.

By utilising the right technology, companies can identify threats early and mitigate the potential damage by forming an effective response based on real-time data fast.

What modern security means for modern retail

Criminals can leverage the web to commit both physical attacks (such as in-store theft) and cyber-attacks (such as phishing or gift card cloning). This leaves retailers operating in a unique threat landscape with a broad array of potential attack vectors.

There are three levels that modern retailers should consider to ensure complete and effective security, both in-store and online. First, at the highest level, training and information need to be gathered for their security teams, but also disseminated to employees across the organisation so that everyone is aware of the threats and how to avoid them.

The next level is to only work with secure third-party providers: companies that take security seriously and have strong records when it comes to building defences against cybercrime. These businesses, such as connected device, cloud storage or payment portal providers, form a crux of any company’s security.

Finally, the security team needs to be enabled with the right tools for the job at hand. Signal OSINT software enables security teams to scan a vast number of open, surface, and dark web channels and sources to gain real-time data on emerging threats. Our sentiment analysis, custom filters and advanced alerting mean security teams can be notified instantly of threats as they are emerging. Whether it’s customer data for sale online, or an active shooter situation in-store, security teams can quickly assess and respond to mitigate risks and damages.
