IT Security Guru

Why 2020 will be a bumper Christmas for cybercriminals – and what retailers can do about it

Chris Boyd, Lead Malware Intelligence Analyst at Malwarebytes

by The Gurus
December 18, 2020
in Insight

It may have had a negative impact on the UK economy, but COVID-19 doesn’t appear to have dampened enthusiasm for Christmas shopping. More than 70 percent of consumers intend to spend at least as much on presents this year as they have in the past. But, while this may be good news for embattled retailers, it’s even better news for opportunistic cybercriminals. With lockdown measures forcing consumers online, ecommerce has never been so popular – online spending on Black Friday was up 22 percent on last year. So, this could well be the best Christmas ever for the criminally minded.

Web skimming, in particular, is on the rise. The practice, which involves attacking ecommerce platforms to steal customers’ payment details, rose by 26 percent during the first lockdown in March. With most of the country in Tier Two and Three lockdown measures during December, it’s likely we’ll see its use rise again. It’s vital, then, that retailers do what they can to prevent such attacks and protect their profits – and their reputations – in these challenging times.

Upsetting experience

Occurring at a retail site’s checkout stage, web skimming gives criminals access to a customer’s credit card details, as well as their name, address, email, and often, their date of birth. Once lifted, this hugely valuable data is generally sold on the dark web, where it can be used in further attacks and – potentially – lead to financial losses.

A targeted web skimming attack was carried out against household brand Tupperware and its associated websites earlier this year. The official Tupperware.com site – which enjoys an average of around one million monthly visits – was compromised in March when malicious code, hidden within an image file, activated a fraudulent payment form during the checkout process from which criminals were able to collect the credit card data of unwitting customers.

As soon as it was alerted to the compromise, Tupperware identified and removed the malicious code. However, as such a high-profile brand with high traffic to its website, Tupperware was unfortunately too late to prevent many of its customers’ credit card details from being “skimmed”.

Remediating the issue

Tupperware reacted as quickly as it could. Unfortunately, even when acting fast, identifying web skimming can be challenging. Unlike with other types of cyber theft, there are often few, if any, visible signs that the malicious code has been injected into a website.

Regardless, remediating the issue and ensuring the safety of their customers’ data requires retailers to remove the malicious code from the compromised site the moment it’s identified. They must work with IT and security partners to review logs in order to find the point of entry and, consequently, reveal just how long the criminals had access to the site.
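As an added example (not part of the original article), one check that supports this kind of review is to audit the checkout page's HTML for scripts, images, iframes and form targets served from hosts the retailer never approved. The host names, the `ALLOWED_HOSTS` allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only hosts this retailer's checkout should load from or post to.
ALLOWED_HOSTS = {"shop.example", "pay.processor.example"}
# Tag -> attribute that makes the browser fetch from or submit to a URL.
URL_ATTRS = {"script": "src", "iframe": "src", "img": "src",
             "link": "href", "form": "action"}

class CheckoutAudit(HTMLParser):
    """Records every element whose URL points at a host outside the allowlist."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # Relative URLs have no hostname and resolve to the page's own host.
        host = urlparse(url).hostname or self.page_host
        if host not in ALLOWED_HOSTS:
            self.findings.append((tag, attr, host))

def audit_checkout(html, page_host):
    parser = CheckoutAudit(page_host)
    parser.feed(html)
    return parser.findings

# Constructed sample: a checkout page with two references the retailer never added.
SAMPLE = """
<html><body>
<script src="/js/cart.js"></script>
<script src="https://pay.processor.example/sdk.js"></script>
<img src="https://static.unknown-cdn.example/faq.png">
<iframe src="https://forms.unknown-host.example/pay.html"></iframe>
<form action="/order/submit" method="post"></form>
</body></html>
"""

if __name__ == "__main__":
    for tag, attr, host in audit_checkout(SAMPLE, "shop.example"):
        print(f"unexpected host in <{tag} {attr}>: {host}")
```

This inspects static HTML only; elements injected by scripts at runtime require auditing a rendered DOM snapshot instead.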

The threat is considered so serious that the British Retail Consortium (BRC) recently published official guidance to help its members avoid falling victim to such attacks. Developed in conjunction with the National Cyber Security Centre (NCSC), the “Cyber Resilience Toolkit for Retail” highlights the range of threats faced by the retail sector, outlining the protective measures retailers need to implement, and recommending actions on how to prevent, mitigate, and recover from any breaches that might occur.

According to its technical director, Ian Levy, the NCSC wants to “keep shoppers’ data, identity and privacy safe, and to ensure that the retail sector is well equipped to face the cyber challenges associated with an ever-more digital world.”

Minimising risks

In all honesty, there’s no way to entirely prevent web skimming. There are, however, steps retailers can put in place to minimise the risk of such attacks occurring.

More than anything, it’s important to tighten day-to-day security measures. Retailers should work with IT and security partners, applying patches where needed to ensure any potential vulnerabilities are protected. Stricter access control requirements should be implemented in a site’s backend. Updating passwords and adding two-factor authentication, for example, will help protect a site and its users’ information.

Outsourcing the handling of financial transactions to a larger, trusted third party will also help reduce the stress and time wasted on managing security risks. While it can be more expensive than running things in-house, guaranteed assurance that customers’ financial information is in safe hands far outweighs the cost of a potential data breach.

Finally, guaranteeing a site’s legitimacy will go a long way to offering customers peace of mind. Spelling and grammatical errors are often a giveaway for online scams. If a retailer ensures all its web copy is free from such mistakes, its customers are more likely to view its site as credible and, therefore, safe to use.

For online retailers and their customers, this is set to be a Christmas like no other. But the same is true for bad actors, too. It’s never been more important to pay attention to the safety of customers’ payment information. With measures in place to prevent and mitigate web skimming and other attacks, retailers can help cancel Christmas for cybercriminals.

By Chris Boyd, Lead Malware Intelligence Analyst at Malwarebytes
