Skimmer Supply Chain Attack On 100 Sotheby’s Real Estate Sites

While running an initial check on https://www.sothebysrealty.com/, which just experienced a supply chain attack affecting over 100 real estate websites operated by the company, Cyberpion discovered that sothebys.com, the multinational of which Sotheby’s International Realty is a subsidiary, has not adopted the security practices it should have put in place after past experience, especially considering that its site was infected with digital skimming code back in 2018.

According to Sotheby’s privacy policy, they may share information with Sotheby’s International Realty.

 Other key findings include:

  1. Sotheby’s home page (sothebys.com) is accessible over an insecure connection.
  2. This page also links to their login page (which is loaded securely), but manipulation of the main site can affect access to the login page as well.
  3. The main domain is serving Mixed Content: HTTPS content is served over HTTP when the site is accessed over HTTP, leaving the unencrypted content exposed to sniffers and man-in-the-middle attackers.
  4. There is no Content Security Policy (CSP), which is now recommended for websites.
  5. When registering for their newsletter via the site.

Experts Comments

January 07, 2022
Nadav Levy
Senior Product Manager
Cyberpion

It is clear that Sotheby’s didn’t fully rectify the situation since their initial Magecart attack in 2018. Formjacking is a very common and effective technique in supply chain attacks. From our latest research conducted last year, we saw tens of thousands of websites exposed and patterns keep repeating. Often hackers start small by changing something meaningless to learn traffic patterns and observe monitoring tools before choosing the perfect time to strike. Now more than ever, it is critical for companies to continually monitor their supply chains to prevent repeat attacks. In addition, companies need to periodically load their scripts to check if they have been manipulated. They should also inspect to see if scripts are being added to pages and then report or block unintended behaviour.
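
One way to run the periodic script check recommended in the comment above, as an added example that is not part of the original article or Cyberpion's tooling: it inventories every script on a page, hashes the content, and diffs the result against a trusted snapshot. The URLs, script bodies and function names are constructed for illustration, and external script bodies are assumed to have been downloaded by the caller.

```python
import hashlib
from html.parser import HTMLParser

class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_inline = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_inline = True
                self.inline.append("")
    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

def sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def inventory(html, fetched):
    """Map every script on the page to a SHA-256 of its content.
    `fetched` maps external URL -> body the caller already downloaded."""
    c = ScriptCollector()
    c.feed(html)
    c.close()
    inv = {s: sha256(fetched[s]) if s in fetched else "unfetched" for s in c.external}
    # Inline scripts are keyed by their own hash, so an edited inline script
    # shows up as one "removed" entry plus one "added" entry.
    inv.update({"inline:" + sha256(b)[:12]: sha256(b) for b in c.inline})
    return inv

def diff(baseline, current):
    """Scripts added to the page, removed from it, or changed in place."""
    shared = baseline.keys() & current.keys()
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": sorted(k for k in shared if baseline[k] != current[k])}

# Constructed sample: a trusted snapshot and a later crawl of the same page.
OLD_HTML = '<script src="https://cdn.example.test/player.js"></script><script>init()</script>'
NEW_HTML = OLD_HTML + '<script src="https://stats.example.test/t.js"></script>'
OLD = inventory(OLD_HTML, {"https://cdn.example.test/player.js": "renderPlayer()"})
NEW = inventory(NEW_HTML, {"https://cdn.example.test/player.js": "renderPlayer();extra()",
                           "https://stats.example.test/t.js": "track()"})
REPORT = diff(OLD, NEW)
print(REPORT)
```

Any non-empty "added" or "changed" entry is a change to review before it is accepted into the baseline; pinning approved external scripts with Subresource Integrity lets the browser enforce the same hash comparison at load time.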
