While cybercriminals have traditionally targeted the retail sector as a means of accessing and capitalizing on consumers’ personal and payment information, the threat landscape has changed substantially in recent years. Ever since the string of high-profile data breaches at retailers that began in 2013, robust security measures have seen swift implementation across the sector. In response, many cybercriminals have shifted their targets from retail consumers to retailers themselves.

This evolving threat landscape presents many unique challenges for retailers, which is why Flashpoint is proud to work with numerous sector leaders including three of the top ten U.S. retailers. Flashpoint’s Trusted Intelligence derived from online illicit communities empowers retailers to bolster security, inform strategic decisions, gain visibility into relevant threats and actors, and mitigate risk.

Below are examples of the types of use cases Flashpoint works with retailers to address:


Rising competition amid intense market pressure has caused companies seeking increased efficiency at lower costs to outsource their supply chains. While outsourcing can enable companies to produce more goods faster and more cheaply, it often prevents retailers from having full visibility into the factors, processes, and security measures involved in producing the goods they sell. As such, retailers may not be aware of flawed manufacturing practices, insufficient quality controls, or other errors that could lead to serious security vulnerabilities within these goods.

In one instance, Flashpoint analysts identified a serious security vulnerability present within millions of Internet of Things (IoT) devices that rendered them susceptible to exploitation by the Mirai botnet and subsequent DDoS attacks. Flashpoint traced the vulnerability to one upstream supplier contracted by many leading retailers to manufacture components of certain electronics goods they sell. Upon this discovery, Flashpoint notified retailers and manufacturers so they could address and patch the vulnerability, issue product recalls as necessary, and work with upstream suppliers to enforce stricter quality controls and security measures to help prevent future issues from arising.


Fraud remains one of the most persistent threats to retailers across the enterprise. While fraudsters once relied on lower-level tactics such as carding and ATM skimming, the implementation of increasingly comprehensive anti-fraud measures has led to the emergence of larger-scale, more damaging schemes. The majority of these schemes develop within online illicit communities, which presents challenges for retailers without visibility into these closed-access regions of the internet.

In one scenario, Flashpoint uncovered a plot to exploit the upcoming U.S. implementation of Europay, MasterCard, and Visa (EMV). Intelligence from online illicit communities revealed that threat actors had developed specific EMV-chip recording software and manufacturing techniques to fabricate chip-enabled credit cards capable of bypassing even the most robust anti-fraud measures. In addition to reporting these findings to financial institutions involved in the upcoming EMV launch, Flashpoint notified retailers so they could adjust their anti-fraud measures accordingly and proactively address the threat of large-scale fraudulent purchases and the potential for economic and reputational damages.


Ransomware continues to pose a substantial threat to retailers. Ransomware infections are often executed via phishing emails that leverage social-engineering tactics to entice the user to click an infected link or download an infected file, so all it takes is one user’s misstep to jeopardize an entire company’s access to critical systems or information. As increasingly advanced ransomware campaigns and “ransomware-for-hire” services continue to emerge from online illicit communities, it is crucial for companies to recognize the critical need to gain as much visibility as possible into these threats.

In one instance, Flashpoint analysts monitoring the notorious Locky ransomware actors identified an active campaign developed to target retailers during the 2016 holiday season. The strain of ransomware, which was distributed via phishing emails disguised as payment invoices, was previously linked to infections causing massive economic and reputational damages at numerous organizations. In response, Flashpoint immediately notified retailers of the ongoing campaign and relevant indicators of compromise (IOCs) so they could appropriately bolster security measures, implement robust user-access controls, and work with employees to uphold good security hygiene and phishing awareness to help prevent future infections.
