U.S. Retailers: How a Grinch Will Steal Your Holiday This Year

On top of a challenging economic year, retailers, e-tailers, and their customers face a growing threat this holiday season: the rise in cyberattacks. While businesses have lived with this threat ever since the birth of online sales, this season will be different for several reasons.

Our cursory scans of the Top 30 U.S. Retailers' external attack surfaces revealed that 83% have a potential attack surface vulnerability that could lead to a cybersecurity breach. The following is what we discovered in our research about these organizations in the middle of the all-important holiday shopping season.


This Holiday Season a Perfect Cybersecurity Storm Has Been Growing on the Horizon

Spike in online purchases

In order to limit their exposure to Covid-19, consumers have increased their e-commerce purchases. In the first half of 2020 online purchases spiked by roughly 30% (US Census Bureau). The holiday season will likely exacerbate this trend.

Improving cybersecurity is a top priority

Prior to Covid-19, the Retail industry as a whole was heavily investing in Digital Transformation initiatives to improve their customers' experience. According to BDO's 2020 report on Retail Digital Transformation, cybersecurity is a top priority for these initiatives.

How Vulnerable are the Top U.S. Retailers?

In preparation for this blog post we used Cyberpion's Security platform to perform a single-pass external scan of the attack surfaces of the Top 30 U.S. Retailers, including names such as Walmart, Amazon, Kroger, Costco and more. Our goal is to understand this industry as a whole in order to provide insights and benchmarks that may help all retailers when investing in cybersecurity solutions. For a more detailed explanation of what online ecosystems are, please read more here.

Retailers, especially online retailers, are likely to run substantial online infrastructures spanning multiple domains and sub-domains (consider the need for language-, region-, brand-, product- and mobile-app-specific sites), which in turn incorporate hundreds, if not thousands, of connections to third-party providers for tracking, behavior, analytics and advertising services. Those third-party providers are themselves connected to additional providers that assist in their service provisioning. Ultimately, these connections lead to thousands of JavaScript, image, and font resources being loaded from infrastructure the retailer does not control. Every one of these elements, connections, and pieces of infrastructure is a possible attack vector.
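The first step of the mapping described above is to enumerate what a single page actually pulls in and from whom. As an added example that is not part of the original post and not Cyberpion's own code, the Python script below parses a page, resolves every script, stylesheet, font, image and frame URL, splits them into first-party and third-party by registrable domain, and flags third-party scripts and stylesheets that are loaded without a Subresource Integrity hash (an unpinned third-party script is exactly the asset whose compromise lands in the retailer's checkout flow). The HTML and the .example hostnames are constructed for the example; the registrable-domain function is a two-label approximation that real tooling replaces with the Public Suffix List, and a real scan would repeat this over every discovered sub-domain and follow the resources recursively.

```python
"""Added example: enumerate a page's third-party resource connections.

The sample page and hostnames are constructed for this example, not captured
from any retailer. registrable_domain() is a two-label approximation; use the
Public Suffix List (e.g. the tldextract package) in real tooling so that
suffixes like .co.uk are handled correctly.
"""
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# HTML tag -> (attribute holding the URL, default resource kind).
RESOURCE_ATTRS = {
    "script": ("src", "script"),
    "img": ("src", "image"),
    "iframe": ("src", "frame"),
    "link": ("href", "link"),
}


class ResourceCollector(HTMLParser):
    """Collects (kind, absolute_url, has_sri) for every fetched resource."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        if tag not in RESOURCE_ATTRS:
            return
        attr_name, kind = RESOURCE_ATTRS[tag]
        attrs = dict(attrs)
        target = attrs.get(attr_name)
        if not target or target.startswith(("data:", "javascript:", "#")):
            return
        if tag == "link":
            rel = (attrs.get("rel") or "").lower()
            if "stylesheet" in rel:
                kind = "stylesheet"
            elif "preload" in rel and (attrs.get("as") or "").lower() == "font":
                kind = "font"
            elif "icon" in rel:
                kind = "image"
            else:
                return  # canonical, alternate, dns-prefetch etc. fetch nothing at load
        url = urljoin(self.base_url, target)
        self.resources.append((kind, url, bool(attrs.get("integrity"))))


def registrable_domain(host):
    """Approximation: last two DNS labels (assumption, see module docstring)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def map_attack_surface(html, page_url):
    parser = ResourceCollector(page_url)
    parser.feed(html)
    first_party = registrable_domain(urlsplit(page_url).hostname)
    counts = defaultdict(lambda: defaultdict(int))
    third_party_hosts = set()
    unpinned = []  # third-party script/stylesheet URLs loaded without SRI
    for kind, url, has_sri in parser.resources:
        host = urlsplit(url).hostname
        if host is None:
            continue
        domain = registrable_domain(host)
        counts[domain][kind] += 1
        if domain != first_party:
            third_party_hosts.add(host)
            if kind in ("script", "stylesheet") and not has_sri:
                unpinned.append(url)
    return {
        "first_party": first_party,
        "third_party_hosts": sorted(third_party_hosts),
        "counts": {d: dict(k) for d, k in counts.items()},
        "unpinned_third_party": unpinned,
    }


# Constructed sample page (not a real retailer page).
PAGE_URL = "https://www.shop.example/"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://cdn.shop.example/css/site.css">
<link rel="preload" as="font" href="https://fonts.gstatic.example/roboto.woff2">
<link rel="canonical" href="https://www.shop.example/">
<script src="/js/app.js"></script>
<script src="https://tags.analytics-vendor.example/tag.js"></script>
<script src="https://cdn.widgets.example/chat.min.js"
        integrity="sha384-EXAMPLEHASH" crossorigin="anonymous"></script>
</head><body>
<img src="https://pixel.ads-network.example/p.gif">
<iframe src="https://reviews.partner.example/embed?shop=123"></iframe>
</body></html>"""

if __name__ == "__main__":
    report = map_attack_surface(SAMPLE_HTML, PAGE_URL)
    print("first party:", report["first_party"])
    print("third-party hosts:", report["third_party_hosts"])
    for domain, kinds in report["counts"].items():
        print(f"  {domain}: {kinds}")
    print("third-party code without SRI:", report["unpinned_third_party"])
```

On the sample page, five third-party hosts appear behind a single first-party page and one analytics tag is loaded without an integrity hash. The caveat a practitioner will recognize: tag-manager and analytics scripts typically change without notice and therefore cannot be pinned with SRI at all, which is precisely why they remain a standing supply-chain exposure that has to be inventoried and monitored continuously rather than fixed once.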

Key Numbers:
Attack Surface Stats – Top 30 Retailers (the figures were presented as graphics in the original; the values are not present in this text)

Average number of domains and sub-domains within attack surface
Average number of connected third-party resources
Average number of total connections
Average number of cloud instances used within attack surface

Finding the Needle in this Attack Surface Haystack

When you understand that a vulnerability could be hiding anywhere within this external attack surface of domains, resources, connections and cloud instances you can see how challenging the job of understanding your risk can be. The security team must not only be able to discover every element within the attack surface, they must then assess the potential risk within each element. Fortunately, this is the challenge that Cyberpion answers with ease. We provide external attack surface visibility and mapping of third party connections, as well as constant risk assessment of these connections.

Key Numbers:
Online Vulnerabilities – Top 30 Retailers

Note: The following findings come from a one-time vulnerability assessment on the public-facing assets of these organizations. A deeper and continuous scan of these infrastructures would likely reveal MORE vulnerabilities.

Cyberpion discovered that nearly a quarter (23%) of the top 30 U.S. retailers have at least one COMPROMISED ASSET under the control of hackers, not the retailer.

Cyberpion discovered that nearly one-third (30%) of the top 30 U.S. retailers have an asset that was ABUSED or is STILL UNDER ABUSE as part of a global hacking campaign.

Cyberpion discovered that nearly half (43%) of the top 30 U.S. retailers have a vulnerable asset that COULD BE exploited and represents an immediate risk.

Cyberpion discovered that most (83%) of the top 30 U.S. retailers have connections to a VULNERABLE third-party asset.

What Happens Next?

While the scope of this blog post doesn't cover the nature and potential damages that these vulnerabilities could represent for these retailers and their customers, the risks and damages are very real. The third-party assets and infrastructures that your organization connects to form an external attack surface that is growing and is significant in its own right.

The impact of Covid-19, the trend of Digital Transformation, and the rise in online purchase for this holiday season will only increase the likelihood that these vulnerabilities will be discovered and exploited by today’s threat actors.


Final Thoughts

While we've used the Top 30 U.S. retailers for this post, external attack surfaces, and their inherent vulnerabilities, are not limited to U.S.-based, large, or retail organizations. In this era of hyper-connected online infrastructures it is likely your organization has a vulnerability hiding in its attack surface. If you are a cybersecurity representative of your organization (of any size) we encourage you to contact us to get a free single-pass scan of your external attack surface.
