Skimmer Supply Chain Attack On 100 Sotheby’s Real Estate Sites

By   ISBuzz Team
Writer , Information Security Buzz | Jan 07, 2022 11:57 am PST

While running an initial check on that just experienced a supply chain attack on over 100 real estate websites operated by the company, Cyberpion discovered that, the multinational of which Sotheby’s International Realty is a subsidiary, is not adopting the best security policies that should have been implemented from past experience, especially considering their site was infected with digital skimming code back in 2018.

According to Sotheby’s privacy policy, they may share information with Sotheby’s International Realty

 Other key findings include:

  1. Sotheby’s home page ( is accessible over an insecure connection:
  2. This page also refers to their login page (which is loaded securely), but a manipulation on the main site can affect access to the login page as well
  3. The main domain is serving Mixed Content – HTTPS content is served over HTTP when accessing the site over HTTP, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers
  4. There is no Content Security Policy (CSP) that’s now recommended for websites
  5. When registering for their newsletter via the site.
Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Nadav Levy
Nadav Levy , Senior Product Manager
January 7, 2022 8:01 pm

<p><span id=\"m_-2363950598592364041m_4514026821609486002gmail-docs-internal-guid-0b116108-7fff-1264-aace-c98829591868\">It is clear that Sotheby’s didn’t fully rectify the situation since their initial Magecart attack in 2018. Formjacking a very common and effective technique in supply chain attacks. From our latest research conducted last year, we saw tens of thousands of websites exposed and patterns keep repeating. Often hackers start small by changing something meaningless to learn traffic patterns and observe monitoring tools before choosing the perfect time to strike. Now more than ever, it is critical for companies to continually monitor their supply chains to prevent repeat attacks. In addition, companies need to periodically load their scripts to check if they have been manipulated. They should also inspect to see if scripts are being added to pages and then report or block unintended behaviour.</span></p>

Last edited 2 years ago by Nadav Levy

Recent Posts

Would love your thoughts, please comment.x