Week 8: Identity-based Attacks Breaching Retail

5 Ways Identity-based Attacks Are Breaching Retail 

Exploiting Third‑Party Trust (Adidas)

Attackers gained access through a vendor’s SaaS integration using stale tokens/service accounts that lacked MFA or expiration. This supply-chain style breach exposed customer data without any malware—just unchecked trust in third parties 


Credential Stuffing & Privilege Abuse (The North Face)

Using leaked username/password combos, attackers accessed customer accounts via credential stuffing. With no MFA protection, they quietly extracted PII—demonstrating how weak identity hygiene opens doors. 

 

SIM Swapping & Social Engineering (Marks & Spencer, Co‑op)

Threat group Scattered Spider tricked help desk staff using SIM swap and impersonation, resetting MFA and password protections. This kind of human-layer trickery granted lateral access through overprivileged or dormant SaaS identities

 

Hijacked Unmonitored SaaS Admins (Victoria’s Secret)

Although details are sparse, attackers likely targeted high-privilege SaaS admin roles or tokens, leveraging overprivileged and unmonitored identities to disrupt e-commerce and in-store systems—all without deploying malware 

 

Third‑Party CRM Token Abuse (Cartier & Dior)

By targeting persistent tokens/API keys used by external CRM/CS platforms, attackers accessed customer data at scale. These non-human identities typically fall outside centralized IAM and often go unrotated 

 

Best Practices:

  1. Identity-first audits: Discover and inventory every identity—human and non-human.

  2. Adaptive/cloud-aware MFA: Use phishing-resistant methods like FIDO2 or biometric authentication.

  3. Enforce least-privilege: Regular access reviews and prompt decommissioning of unused permissions.

  4. Secure help‑desk channels: Add behavioral verification layers; segregate high-risk actions from standard support.

  5. Behavioral anomaly detection: Implement Identity Threat Detection and Response (ITDR) for login/session irregularities. 

 

Resources: https://thehackernews.com/2025/07/5-ways-identity-based-attacks-are.html 

 

Comments

Post a Comment

Popular posts from this blog

Week 3- Attackers Impersonate as Managed Devices

 A report was created that a high-severity vulnerability has been found in Cisco's Nexus Dashboard Fabric Controller which allows unauthenticated attackers to impersonate managed network devices through SSH connections that are compromised. Security researchers from REQON B.V. identified the flaw, which comes from insufficient SSH host key validation mechanisms within the NDFC infrastructure. The affected system fails to properly validate SSH host keys during connection, that allows malicious actors to conduct machine-in-the-middle attacks giving themselves the chance to position themselves between the NDFC controller and managed devices, potentially intercepting and manipulating network management traffic. Attackers that successfully exploit this vulnerability could create persistent backdoors within the managed network environment. Cisco has released software updates to address this vulnerability, with no available workarounds for affected systems. The fix implements enhances the...
Read more

Week 7: Data Privacy

Image
    What Is Data Privacy? 1. Defining Privacy & Data Privacy Privacy is the fundamental right to keep your personal life and information to yourself. Data privacy specifically focuses on protecting your digital personal data—like your name, birthdate, online activity, medical info, and financial details—from unwanted access or sharing 2. Why It Matters in the Digital Age Vast volumes of data are generated whenever you go online—your web behavior, purchases, and even the time spent on a page. Companies analyze this data to personalize ads, predict behavior, and make decisions—but it also means your every action becomes part of a digital footprint   3. Data Privacy vs. Cybersecurity Cybersecurity is about protecting data from unauthorized intrusions, like hacks or malware. Data privacy is about your rights and choices—deciding who gets access to your information and what they can do with it .  Data privacy is all about making informed choices and ...
Read more

Week 4: Cyber Supply Chain Risk Management

Image
      Something I believe we will all will run into at some point Digital supply Chain. What is Digital supply chain? Digital supply chain protects the entire digital ecosystem involved in the movement of goods and information like raw materials leading to finished products. The aspect of supply chain security for digital systems are increasingly used to manage various aspects of the supply chain like order processing, payments and shipping. Cyber supply chain risk management is to identify what cyber risk exist within a chain and manage risks that occur since organizations no longer have control or visibility into the digital supply systems they are connected to. There are three main types of attack, Network, Software, and Hardware supply chain attacks. I won't go over all types of attack but I will talk about one that is the most common and that is Software supply chain attacks. Usually what happens is a vendor's network can be invaded by an attacker who can compromise ...
Read more