$10 Credit Cards, $2 PayPal Accounts + More Findings From VMware Carbon Black – Expert Insight

By ISBuzz Team
Writer, Information Security Buzz | Dec 22, 2020 04:35 am PST

This holiday season, more consumers than ever will be shopping digitally — and cybercriminals are already capitalising on the opportunity. Greg Foss, Senior Cybersecurity Strategist at VMware Carbon Black, looked through the dark web to find that: 

  • There’s a continued rise in e-skimming attacks in the retail sector, where attackers inject JavaScript into website payment processing pages in order to siphon credit cards and account credentials from customers.  
  • Magecart is one of the most prominent groups behind this activity, consistently extending their capabilities and improving their tactics to infiltrate e-commerce applications, evade detections, and siphon off sensitive card data. 
  • Swiped credit cards are going for an average rate of $10-20/card on the dark web.
  • PayPal accounts are selling for $2-10/account, with those accounts loaded with more money costing more. 

A cybersecurity researcher commented below on these findings.

Greg Foss, Senior Cybersecurity Strategist
December 22, 2020 12:47 pm

There’s no shortage of cyber threats facing retailers and shoppers this holiday season, as the volume and sophistication of cyberattacks surge with more consumers opting to shop online.

As a result, retail organisations have continued to see a rise in attack methods like e-skimming where attackers inject JavaScript into payment processing pages on retail sites in order to steal credit card information from unsuspecting customers. Most prominent among groups that deploy skimming malware is Magecart, a group of malicious actors who got their name from initially compromising the popular e-commerce, Magento CMS, at scale. This group has consistently extended its capabilities and improved its tactics to infiltrate e-commerce applications and avoid detection, most recently through impersonating legitimate payment applications by way of homoglyph attacks, ultimately fooling victims into visiting malicious websites.

Beyond common attacks like injecting e-skimmers into websites, many attackers still target point of sale (POS) systems directly. In the past few months, our researchers have seen POS malware variants in use across a wide variety of retailers. These attacks rely on the actual physical swipes of cards, which then allow the malware to exfiltrate credit card data along with verification data such as PIN numbers or zip codes.

Also popular among retail-focused cybercriminals is the use of ransomware. Ransomware attacks function by holding an organisation’s data, systems, and individual devices hostage, demanding that the brand pay out the required ransom. More recently, we’ve seen these methods employed in the final stages of an attack as a means of covering the criminal’s tracks and maximising profitability, cashing in on a successful intrusion by attempting to secure the ransom payment after data has already been exfiltrated and put up for sale on the dark web.

With these threats significantly increasing during the holiday season, we must all remain vigilant and employ best practices to remain secure when shopping online. Users should ensure that all of their applications are up to date and running the latest versions and patches released by software vendors and application developers. Retail brands should implement advanced security measures like code-integrity checking for these types of applications to detect changes in the website’s static content and implement a web application firewall (WAF) as an additional layer of defense. When it comes to Point of Sale systems, retailers should baseline their environments so that deviations in activity such as a new server being communicated with will raise an alert for their security operations center (SOC). At a bare minimum, organisations should implement endpoint protection as a base layer of security to prevent commodity malware.

Last edited 2 years ago by Greg Foss
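
The code-integrity check recommended in the comment above can be sketched as a baseline comparison of the scripts a payment page loads. This is an added example, not code from the article or from VMware Carbon Black; the function names, the sample pages and the example.com / example.net hosts are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collect every <script> on a page: external src URLs and inline bodies."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._buf = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._buf = []  # start capturing an inline script body
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None

def fingerprint(html):
    """Return (external script URLs, SHA-256 digests of inline scripts)."""
    p = ScriptCollector()
    p.feed(html)
    p.close()
    return set(p.external), {hashlib.sha256(s.strip().encode()).hexdigest() for s in p.inline}

def diff_against_baseline(baseline_html, current_html):
    """List script changes between the approved page and the page as served."""
    base_ext, base_inline = fingerprint(baseline_html)
    cur_ext, cur_inline = fingerprint(current_html)
    base_hosts = {urlparse(u).hostname for u in base_ext}
    findings = []
    for url in sorted(cur_ext - base_ext):
        host = urlparse(url).hostname  # None for same-origin relative paths
        new_host = host is not None and host not in base_hosts
        findings.append(("new-script-host" if new_host else "new-script-url", url))
    findings += [("changed-inline-script", d) for d in sorted(cur_inline - base_inline)]
    return findings

# Constructed sample pages: an approved checkout page and a tampered copy.
BASELINE = ('<form id="pay"></form><script src="/static/checkout.js"></script>'
            '<script src="https://pay.example.com/sdk.js"></script>'
            '<script>initCheckout("pay");</script>')
CURRENT = (BASELINE.replace('("pay");', '("pay");hook("pay");')
           + '<script src="https://cdn.example.net/stats.js"></script>')
```

In practice the baseline would be captured at deploy time and the comparison run against the page as served to customers, with any finding routed to the SOC.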
