The total number of retail cyber security attacks in the U.S. has dropped dramatically since 2012, but the impact of such breaches has significantly increased, according to an annual report published Tuesday by IBM.
The report analyzed major data breaches, methods of data loss, and types of attacks targeting the retail industry.
Despite a more than 50 percent decline in retail attacks between 2012 and 2014, the number of records stolen skyrocketed.
A 2013 attack on Target and a 2014 attack on Home Depot — two of the largest data breaches in history — combined to compromise more than 100 million records. But even when researchers excluded those major attacks, focusing only on breaches that compromised fewer than 10 million records, they found the average attack to be “more significant and wide-reaching in terms of victims affected.”
The Home Depot and Target attacks made a “Point of Sale” malware bug called BlackPOS infamous. The bug takes advantage of Windows XPe security holes on retail servers, according to IBM.
But while BlackPOS was used in those major attacks, by far the most common type of retail attack reported in 2014 was achieved using SQL, or Command, injection.
In these attacks, hackers access common website features such as login forms, search bars or contact pages, and insert code that instructs the site to allow access to customer databases.
Read the full report HERE.