IBM Study: Cyberattacks Fewer, But More Costly

There’s good news and bad news on the cybersecurity front, an IBM study finds. Over the past 2 years, there has been a 50% decline in the number of cyberattacks against U.S. retailers. However, the number of records stolen from them remains at near record highs. IBM security researchers report that in 2014, cyber attackers still managed to steal more than 61 million records from retailers despite the decline in attacks, demonstrating cyber criminals' increasing sophistication and efficiency.

According to the research, cyber attackers are becoming increasingly more sophisticated, using new techniques to obtain massive amounts of confidential records with increased efficiency. Since 2012, the number of breaches reported by retailers dropped by 50 percent. Despite this decline, the perpetrators were able to impact a far greater number of victims with each incident.

“The threat from organized cybercrime rings remains the largest security challenge for retailers,” said Kris Lovejoy, general manager for IBM Security Services. “It is imperative that security leaders and CISOs in particular, use their growing influence to ensure they have the right people, processes and technology in place to take on these growing threats.”

Ironically, while Black Friday and Cyber Monday were identified as the two biggest shopping days of the year by IBM’s Digital Analytics Benchmark, cyber attackers reduced their activity across all industries on Black Friday and Cyber Monday, rather than taking action. When looking at the 2-week period (Nov. 24 - Dec. 5, 2014) around these days, the data shows that the number of daily cyberattacks was 3,043, nearly one-third less than the 4,200 average over this period in 2013. From 2013 and 2014, the number of breaches dropped by more than 50% for Black Friday and Cyber Monday.

Despite this “cyber threat slow down,” the retail and wholesale industries emerged as the top industry target for attackers in 2014, a potential result of the wave of high profile incidents impacting name brand retailers. In the 2 years prior, manufacturing ranked first amongst the top five attacked industries while the retail and wholesale industry ranked last. This past year, the primary mode of attack was unauthorized access via Secure Shell Brute Force attacks, which surpassed malicious code, the top choice in 2012 and 2013.

Attackers secured more than 61 million records in 2014, down from almost 73 million in 2013. However, when the data was narrowed down to only  incidents involving less than 10 million records (which excludes the top two attacks over this timeframe, Target Corporation and The Home Depot), the data shows a different story - the number of retail records compromised in 2014 increased by more than 43% over 2013.

While there has been a rise in the number of Point of Sale (POS) malware attacks, the vast majority of incidents targeting the retail sector involved Command Injection or SQL injection. The complexity of SQL deployments and the lack of data validation performed by security administrators made retail databases a primary target. Over 2014, this Command Injection method was used in nearly 6,000 attacks against retailers. Additional methods include Shellshock as well as POS malware such as BlackPOS, Dexter, vSkimmer, Alina and Citadel.

For more information, visit