Cyber Intel Report  |  April 2021

Australia & New Zealand
Retail and eCommerce Industry Threat Report

Adapting to COVID-19 Environment

The Retail Industry’s cyber security landscape was reshaped by COVID-19 and the accelerated uptake of eCommerce platforms. This transition from traditional ‘bricks and mortar’ stores was necessary to ensure business continuity, but also caused a boost in sales as more people started using home deliveries. This was seen by the exponential growth of the Australian1 and New Zealand2 eCommerce markets in 2020, with both experiencing record sales during November 2020.3 4

Cyber criminals targeting the retail sector tend to focus on busy periods of operations, such as the Black Friday sales or holiday periods. Coupled with an increased reliance on online services introduced by the pandemic, this has caused cyber attacks on eCommerce platforms to increase. This operational shift has consequently increased the attack surface for financially motivated cyber criminal groups to target retail companies, using mechanisms such as formjacking.

Formjacking, also commonly referred to as e-skimming, digital skimming or Magecart scripts, is when an adversary compromises a website and inserts malicious JavaScript code within the checkout page for the purpose of data theft.5

1 https://auspost.com.au/content/dam/auspost_corp/media/documents/2020-ecommerce-industry-report.pdf
2 https://thefulldownload.co.nz/sites/default/files/2020-07/The_Full_Download_2020_0.pdf
3 https://auspost.com.au/content/dam/auspost_corp/media/documents/inside-australian-online-shopping-update-dec2020.pdf
4 https://thefulldownload.co.nz/ecommerce-spotlight-december
5 https://securityboulevard.com/2021/01/what-is-formjacking/