Retail cyber attacks drop by half despite rising data theft: IBM

Hackers managed to steal more than 61 million records from retailers in 2014, even though the overall number of cyber attacks dropped by 50 percent.
Written by Natalie Gagliordi, Contributor

A report released Monday from IBM security researchers suggests that, overall, cyber attacks against retailers are on the decline, even though the total amount of data compromised continues to steadily rise.

According to the IBM research and intelligence report, the number of retail cyber attacks have dropped by 50 percent since 2012. But even with that significant decrease, hackers still managed to steal more than 61 million records from retailers -- a rise of roughly 43 percent since 2013. And that's not including either the Target or the Home Depot breaches.

The disconnect in the figures suggests that hackers are becoming more pointed and sophisticated in their attacks, doing more damage in fewer places.


As for mode of attack preferred by hackers, 2014 was the year of Secure Shell Brute Force, overtaking the malicious code method that prevailed for the two years prior.

And although there has been a rise in POS malware, the retail sector found itself particularly vulnerable to Command Injection attacks, which were used in nearly 6,000 retail hacks throughout 2014. IBM attributes the complexity of SQL deployments and the lack of data validation performed by security administrators as reasons why retail databases are the primary targets for these types of attacks.

Editorial standards