Retailers are being hit by more malware attacks than ever — with WhatsApp one of the biggest concerns

News
By Sead Fadilpašić
published

WhatsApp could be used for attacks targeting the retail sector

security
OpenVPN-protokollet - därför är det så bra (Image credit: Shutterstock)

Organizations and customers in the retail sector are an increasingly popular target for cybercriminals everywhere, due to valuable data such as payment details being readily available. 

But given its popularity in the vertical, WhatsApp is bound to become a major concern for retailers looking to stay secure, a new report from Netskope Threat Labs says.

As per the report, IoT botnets, remote access tools and infostealers were the key malware families hackers used in their campaigns against retail targets.

"Surprising" results

The most popular family was the Mirai botnet, it was said, as this piece of malware was found on countless networking devices running Linux (think routers, cameras, etc.) in the retail environment. Furthermore, the source code for Mirai recently leaked, resulting in a flood of new variants. All of them are regarded as a considerable risk to the retail sector.

Netskope also warned about WhatsApp. This communications app is extremely popular in retail - three times more compared to other industries (14% compared to 5.8%), both in terms of average use, and downloads. However, WhatsApp was not listed among the current top apps for malware downloads.

This, the researchers believe, is bound to change, as hackers realize the popularity of the app and the significant attack vector it can become. 

Social media applications like X (12%), Facebook (10%) and Instagram (1.5% for uploads) were all more popular in retail, compared to other industries.

For Paolo Passeri, Cyber Intelligence Principal at Netskope, the findings were “surprising”. “Mirai is not a particularly recent threat, and since its discovery in 2016, there are now multiple variants used today. The fact that attackers continue to use it to target IoT devices shows that too many organizations continue to dangerously overlook the security posture of their internet-connected devices.” 

Netskope built its report using anonymized data from roughly 2,500 customers from the retail sector who agreed to participate in the survey.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.