IT Security Guru

Why 2020 will be a bumper Christmas for cybercriminals – and what retailers can do about it

Chris Boyd, Lead Malware Intelligence Analyst at Malwarebytes

by The Gurus
December 18, 2020
in Insight

It may have had a negative impact on the UK economy, but COVID-19 doesn’t appear to have dampened enthusiasm for Christmas shopping. More than 70 percent of consumers intend to spend at least as much on presents this year as they have in the past. But, while this may be good news for embattled retailers, it’s even better news for opportunistic cybercriminals. With lockdown measures forcing consumers online, ecommerce has never been so popular – online spending on Black Friday was up 22 percent on last year. So, this could well be the best Christmas ever for the criminally minded.

Web skimming, in particular, is on the rise. The practice, which involves attacking ecommerce platforms to steal customers’ payment details, rose by 26 percent during the first lockdown in March. With most of the country in Tier Two and Three lockdown measures during December, it’s likely we’ll see its use rise again. It’s vital, then, that retailers do what they can to prevent such attacks and protect their profits – and their reputations – in these challenging times.

Upsetting experience

Occurring at a retail site’s checkout stage, web skimming gives criminals access to a customer’s credit card details, as well as their name, address, email, and often, their date of birth. Once lifted, this hugely valuable data is generally sold on the dark web, from where it can often be used in further attacks and – potentially – lead to financial losses.

A targeted web skimming attack was carried out against household brand Tupperware and its associated websites earlier this year. The official Tupperware.com site – which enjoys an average of around one million monthly visits – was compromised in March when malicious code, hidden within an image file, activated a fraudulent payment form during the checkout process from which criminals were able to collect the credit card data of unwitting customers.

As soon as it was alerted to the compromise, Tupperware identified and removed the malicious code. However, as such a high-profile brand with high traffic to its website, Tupperware was unfortunately too late to prevent many of its customers’ credit card details from being “skimmed”.

Remediating the issue

Tupperware reacted as quickly as it could. Unfortunately, even when acting fast, identifying web skimming can be challenging. Unlike with other types of cyber theft, there are often few, if any, visible signs that the malicious code has been injected into a website.

Regardless, remediating the issue and ensuring the safety of their customers’ data requires retailers to remove the malicious code from the compromised site the moment it’s identified. They must work with IT and security partners to review logs in order to find the point of entry and, consequently, reveal just how long the criminals had access to the site.
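Because an injected skimmer leaves few visible signs on the page, one way to look for it is to compare what the checkout page loads and posts to against what it is expected to. The sketch below is an added example, not code from the article or from Malwarebytes; the allowlisted hosts, the sample page and the function names are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: hosts the checkout page is expected to load from or post to.
ALLOWED_HOSTS = {"shop.example", "pay.example"}
# Tag -> attribute naming where code is loaded from or data is sent to.
WATCHED = {"script": "src", "iframe": "src", "form": "action"}


class CheckoutAudit(HTMLParser):
    """Collect script, iframe and form targets that leave the allowlist."""

    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.allowed = allowed_hosts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(WATCHED.get(tag))
        if not value:
            return  # unwatched tag, inline script, or form posting to itself
        url = urljoin(self.page_url, value.strip())  # resolve relative paths
        parts = urlparse(url)
        # Flag anything that is not HTTPS to an expected host.
        if parts.scheme != "https" or parts.hostname not in self.allowed:
            self.findings.append((tag, url))


def audit_checkout(html, page_url, allowed_hosts=ALLOWED_HOSTS):
    parser = CheckoutAudit(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page; every host in it is a placeholder.
SAMPLE = """
<html><body>
<script src="/static/cart.js"></script>
<script src="https://pay.example/sdk.js"></script>
<script src="https://shop-example.invalid/analytics.js"></script>
<form action="https://pay.example/charge" method="post"></form>
<iframe src="https://cdn.payform.invalid/checkout.html"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for tag, url in audit_checkout(SAMPLE, "https://shop.example/checkout"):
        print(f"unexpected {tag}: {url}")
```

This only inspects static markup, so it is best run against the page as rendered in a browser and repeated on a schedule, since elements created by script at load time do not appear in the raw HTML.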

The threat is considered so serious that the British Retail Consortium (BRC) recently published official guidance to help its members avoid falling victim to such attacks. Developed in conjunction with the National Cyber Security Centre (NCSC), the “Cyber Resilience Toolkit for Retail” highlights the range of threats faced by the retail sector, outlining the protective measures retailers need to implement, and recommending actions on how to prevent, mitigate, and recover from any breaches that might occur.

According to its technical director, Ian Levy, the NCSC wants to “keep shoppers’ data, identity and privacy safe, and to ensure that the retail sector is well equipped to face the cyber challenges associated with an ever-more digital world.”

Minimising risks

In all honesty, there’s no way to entirely prevent web skimming. There are, however, steps retailers can put in place to minimise the risk of such attacks occurring.

More than anything, it’s important to tighten day-to-day security measures. Retailers should work with IT and security partners, applying patches where needed to ensure any potential vulnerabilities are addressed. Stricter access control requirements should be implemented on a site’s backend. Updating passwords and adding two-factor authentication, for example, will help protect a site and its users’ information.

Outsourcing the handling of financial transactions to a larger, trusted third party will also help reduce the stress and time wasted on managing security risks. While it can be more expensive than running things in-house, the assurance that customers’ financial information is in safe hands far outweighs the cost of a potential data breach.

Finally, guaranteeing a site’s legitimacy will go a long way to offering customers peace of mind. Spelling and grammatical errors are often a giveaway for online scams. If a retailer ensures all its web copy is free from such mistakes, its customers are more likely to view its site as credible and, therefore, safe to use.

For online retailers and their customers, this is set to be a Christmas like no other. But the same is true for bad actors, too. It’s never been more important to pay attention to the safety of customers’ payment information. With measures in place to prevent and mitigate web skimming and other attacks, retailers can help cancel Christmas for cybercriminals.

By Chris Boyd, Lead Malware Intelligence Analyst at Malwarebytes
