LUXURY RETAIL THREAT LANDSCAPE 2024

Biggest concerns for luxury retail and fashion brands:

Public-facing image to customers (outward-facing)

Reputation

Revenue generation – financial impacts of cyber crime

Advanced technology – keeping up with AI, VR, Metaverse and deepfakes/fraud

Financially motivated cyber crime represents a high threat to retail organisations worldwide. Significant threat activity types include ransomware, infostealers (including point-of-sale (POS) malware), widespread malware distribution by phishing and spear-phishing campaigns enhanced through AI, and DDoS campaigns conducted to extort victims.

Ransomware is increasing against luxury fashion businesses, with the intention to leverage unprotected endpoints to gain initial access. For some ransomware groups, data extortion takes priority over encryption, focusing on exfiltrating the data to extort victims, which can result in long-term reputational damage, regulatory fines, and legal requirements.

Ransomware is a type of malware that blocks access to a victim’s data, holding it ‘ransom’ until payment is made to the threat actor. Retail is one of the sectors most targeted by ransomware, after financial services, manufacturing, and critical infrastructure. For retailers, this can completely shut down online and offline operations if machines are connected to the main network, with instances of screens not working, receipts not being printable, and stores resorting to manual pen and paper. Manufacturing, order fulfilment, click and collect and home delivery are also impacted, and orders cannot be scanned because some retail employees use handheld devices. Other effects include inventory losses, needing to estimate and pay more for stock, and limited access to payroll for employees.

Types of compromise such as phishing, with fraud as the end goal, continue to plague retailers who are worried about financial and reputational impacts to operations and customer trust. For example, cyber crime operations can include brand impersonation and defrauding consumers, seeking to exfiltrate consumer data including financial and personally identifiable data. In the UK, cyber and data threats remain a top concern for retailers, alongside regulatory environment issues including international trade and environmental policies.

Fraud is multipurpose, involving a company’s brand being impersonated to lure customers into clicking on links and entering their personal and financial details, leading to fraud. This can take place through social media, with impersonation of the brand’s logo and product descriptions being advertised online, or be linked to the dark web, with threat actors purchasing fraudulent documents containing sensitive information about the company and creating scam accounts of high-profile VIPs.

Artificial Intelligence (AI) and technological advancements remain buzzwords in the retail industry, across many sectors including luxury. There is limited understanding as to how AI is being used for malicious purposes and what is required for retailers to strengthen security postures. Deepfakes are looming on social media platforms such as Instagram and TikTok, with well-known personalities and influencers endorsing brands for monetisation. Links are often attached to the designer items on screen; however, in some instances the videos are deepfakes, redirecting to fake websites selling counterfeit items, with reviews made to look authentic to lure customers into making purchases, resulting in fraud.

Public Member Actions:

If you have a personal public social media account, try to limit the information you share: don’t tell the world when and where you’re checking in from, whether it’s a dinner, a holiday and so forth. We don’t need to know it’s your birthday, where you live or who you work for. This can be removed, and your account, while still public, would be a lot safer.

Implement multi-factor authentication (MFA), create strong passwords, and use facial recognition, biometrics, a PIN or an authenticator app code. Whatever you can do to secure logging in, I would recommend.

Retailer Actions:

Think of your company or business as a story. We are seeing more companies share their journey online, and each time you create a new business account or post about products, customers, revenue or industry reports online, these are pieces of the puzzle threat actors can use to find a way in.

If you post your revenue forecast for the year, or that your growth over the seasonal periods was x amount, threat actors may go after your company for financial gain. London Fashion Week.

Incidents to note:

In September 2024, it was announced that many French organisations, including retailer Cultura, electronics and home appliances retailer Boulanger and media outlets, were all victims of a data breach carried out by threat actor ‘horrormar44’, who obtained names, physical addresses, email addresses and phone numbers. A sample of the data was shared on the BreachForums website, but it is not known if a ransom was demanded or paid by any of the victims.

In September 2024, high-end British retailer Harvey Nichols informed its customer base that data had been exposed in a cyber attack on September 16. How initial access to the organisation was gained has not been disclosed, but given the vast revenue and popularity of Harvey Nichols, it is often the subject of cyber criminal activity resulting in reputational, financial and legal implications.

In June 2024, Dallas, US-based luxury retailer Neiman Marcus disclosed a data breach impacting over 60,000 of its customers, due to unauthorised access to personal information stored on its database platform because of the widespread Snowflake software breach. The PII included names, email addresses, phone numbers and dates of birth. Threat actor ‘Sp1d3r’ is said to have advertised the stolen data on the dark web, indicating Neiman Marcus’ refusal to pay a ransom.

In March 2024, ILG, one of the world’s leading fashion and lifestyle accessories companies, encompassing an impressive portfolio of brands and clients, suffered a cyber attack carried out by infamous ransomware group BlackBasta. The breach involved 1 TB of data including account records, company information, designs (R&D), and personal details. BlackBasta gave ILG a deadline before exposing them. However, little follow-up detail on whether ILG paid the ransom has been made available.

In November 2023, Australian brand Honey Birdette was targeted by the 8Base ransomware group while promoting its savvy Cyber Monday deals for consumers. 8Base shared with its dark web community its intention to publish the allegedly stolen data, including sensitive documents such as invoices, receipts, accounting records, employee contracts and other confidential information.

Sometimes hackers want sensitive data and personal information. For example, suppose you run a luxury vehicle fleet and regularly chauffeur celebrities to and from the airport, red carpet events, and other gatherings. There is the added risk that someone might try to hack into the company’s network to find out when and where a particular celebrity will be using your services. If the network is not secure enough to keep hackers out, encryption is the only thing that will ensure your data is useless to them.

Another example from 2013 involved a limousine and town car service being hacked. The data dump was found on a server with data from several other incidents. It appears to have been caused by a vulnerability in ColdFusion, a popular programming language at the time. In addition to credit cards, details about celebrities’ whereabouts and travels were included in the dump.

2025 Predictions:

Emergence of new ransomware groups – we have seen an increase this year, with affiliate groups working together, selling each other services and being bold in targeting.

Negotiating with victims – trying to offer a decryptor in exchange for ransomware payment.

Being persistent – targeting C-suite to get ransom payment.

Ransomware – vast amounts of customer data, including credit card information, are a prime target for threat actors looking to steal and sell data on the dark web for profit. This can lead to loss of sales, disruption to operations and financial impacts of paying ransom demands.

Optimism – retailers investing in cyber security tooling but overwhelmed, too many tools, fatigue, more alignment with company goals and needs.
