
E-commerce Threat: The WooCommerce Skimming Attacks

The cybersecurity landscape advances daily, and so do the threats; e-commerce websites have become a prime target for threat actors. A recent incident, an advanced skimming attack on WooCommerce sites, has shed light on the new methods attackers use to steal sensitive data.

This post discusses the details of the attack, its impact, and the steps businesses can take to protect their e-commerce websites.

Understanding the Attack

The attack, as explained by Sucuri, uses image file extensions and style tags to deploy malicious code on WooCommerce websites. The technique is evasive by design, which makes it hard to detect with traditional security measures:

1. Style Tags as the Vector: The attackers placed malicious JavaScript inside style tags. Style tags normally define the presentation of HTML elements, and their contents are often overlooked by security scans that focus on script tags. By hiding the skimmer code in style tags, the attackers bypassed many security checks.

2. Image Extension Disguise: The second layer of the attack uses an image file extension to disguise a malicious script. The attackers hid a fake payment overlay inside what appeared to be an image file, passed off as the site's favicon. When users interacted with the payment page, the skimmer captured their credit card details and sent them to the attackers' server.
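The two tricks above can be checked for on the defender's side with a small static scan of the checkout page and of whatever is served as the favicon. The following script is an added example written for this post, not code from Sucuri or from the original article; the HTML sample and the byte strings it checks are constructed, and the JavaScript-marker and image-magic lists are my own heuristics that a real scanner would extend.

```python
"""Heuristic checks for the two evasion tricks described above: script-like
content hidden in <style> tags, and scripts served under an image file name.
Added example for defenders; not code from Sucuri or from the blog."""
import re
from html.parser import HTMLParser

# Tokens that belong in JavaScript, not in a stylesheet (heuristic list).
JS_MARKERS = re.compile(
    r"(function\s*\(|eval\(|document\.|window\.|XMLHttpRequest|fetch\(|atob\(|fromCharCode)",
    re.IGNORECASE,
)
# File extensions a browser would treat as an image.
IMAGE_EXT = re.compile(r"\.(ico|png|gif|jpe?g|svg|webp)(\?.*)?$", re.IGNORECASE)
# Magic bytes of common image formats: ICO, PNG, GIF, JPEG.
IMAGE_MAGIC = (b"\x00\x00\x01\x00", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a", b"\xff\xd8\xff")


class CheckoutPageScanner(HTMLParser):
    """Collect <style> bodies, external script URLs and icon links from a page."""

    def __init__(self):
        super().__init__()
        self._in_style = False
        self.style_blocks = []
        self.script_srcs = []
        self.icon_hrefs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "style":
            self._in_style = True
            self.style_blocks.append("")
        elif tag == "script" and a.get("src"):
            self.script_srcs.append(a["src"])
        elif tag == "link" and "icon" in (a.get("rel") or "").lower() and a.get("href"):
            self.icon_hrefs.append(a["href"])

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # HTMLParser hands <style> content to handle_data, possibly in chunks.
        if self._in_style and self.style_blocks:
            self.style_blocks[-1] += data


def scan_html(html: str) -> list:
    """Return a list of human-readable findings for one page."""
    parser = CheckoutPageScanner()
    parser.feed(html)
    parser.close()
    findings = []
    for i, block in enumerate(parser.style_blocks):
        if JS_MARKERS.search(block):
            findings.append(f"style-block-{i}: script-like content inside <style>")
    for src in parser.script_srcs:
        if IMAGE_EXT.search(src):
            findings.append(f"script-src: {src} is loaded as a script but named like an image")
    return findings


def classify_favicon(data: bytes) -> str:
    """Decide whether bytes served as a favicon are really an image."""
    if data.startswith(IMAGE_MAGIC):
        return "image"
    if JS_MARKERS.search(data.decode("latin-1")):
        return "script-disguised-as-image"
    return "unknown"


# Constructed sample checkout page (not captured from a real site).
SAMPLE_HTML = """<html><head>
<link rel="icon" href="/favicon.ico">
<style>
.checkout-btn { color: #333; }
function(){ document.querySelector('#card'); fetch('/collect'); }
</style>
<script src="/assets/logo.png"></script>
</head><body><form id="card"></form></body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML):
        print(finding)
    print(classify_favicon(b"\x00\x00\x01\x00" + b"\x00" * 16))
    print(classify_favicon(b"var c = document.cookie; fetch('/x');"))
```

In practice you would run `scan_html` over the rendered checkout page and `classify_favicon` over the bytes actually returned for every icon and image URL the page loads, since the file name tells you nothing about the content.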

Impact on the e-commerce industry

This attack brings out various problems in the present state of cybersecurity threats in the e-commerce landscape:

1. Advanced Threats: Threat actors are refining their techniques, so security measures must evolve accordingly. The use of style tags and image extensions marks a new level of sophistication in skimming attacks.

2. Identifying Problems: Traditional security tools are not advanced enough to identify such sophisticated threats. This demands a more holistic approach to cybersecurity, employing advanced threat protection measures.

3. Gaining User Trust: The success of e-commerce sites depends on gaining user trust. Breaches that steal sensitive data can have long-term effects on an organization’s image and customer loyalty.

“Ultimately, this was a very well-thought-out and detailed skimming attack. There were no obviously malicious domains loading scripts on the checkout page, the footprint within the checkout page was overall quite minimal, and the main payload (in addition to the file location being concealed with some complicated character substitution) was cleverly hidden behind the website’s favicon image,” the Sucuri blog mentions.

The Fake E-Shop Scam Campaign Sweeping Southeast Asia, Seizing Users' Banking Details


In recent years, cybercriminals have been increasingly employing sophisticated tactics to target individuals and organizations across the globe. One such alarming trend is the proliferation of fake e-shop scam campaigns, particularly prevalent in Southeast Asia. 

These campaigns, characterized by their deceptive methods and malicious intent, pose significant threats to cybersecurity and personal privacy. The emergence of the fake e-shop scam campaign targeting Southeast Asia dates back to 2021, with a notable surge in activity observed by cybersecurity researchers in September 2022. 

Initially concentrated in Malaysia, the campaign swiftly expanded its operations to other countries in the region, including Vietnam and Myanmar. This expansion underscores the growing sophistication and reach of cybercriminal networks operating in Southeast Asia. At the heart of these malicious campaigns are phishing websites designed to deceive unsuspecting users. 

These websites often masquerade as legitimate e-commerce platforms or payment gateways, luring victims into providing sensitive information such as login credentials and banking details. Once users are enticed to visit these fraudulent sites, they are exposed to various forms of malware, including malicious Android applications packaged as APK files. 

The modus operandi of the attackers involves social engineering tactics, with cybercriminals leveraging popular communication platforms like WhatsApp to initiate contact with potential victims. By impersonating cleaning services or other seemingly innocuous entities on social media, the perpetrators exploit users' trust and curiosity, leading them to engage in conversations that ultimately result in malware infection. 

The malware deployed in these fake e-shop scam campaigns is multifaceted and constantly evolving to evade detection and maximize its impact. Initially focused on stealing login credentials for Malaysian banks, including prominent institutions like Hong Leong, CIMB, and Maybank, the malware has since incorporated additional functionalities. These include the ability to take screenshots, exploit accessibility services, and even facilitate screen sharing, granting the attackers unprecedented control over infected devices. 

Furthermore, the attackers have demonstrated a keen understanding of the linguistic and cultural nuances of their target regions. In Vietnam, for example, the campaign specifically targeted customers of HD Bank, employing phishing websites tailored to mimic the bank's online portal and language. Similarly, in Myanmar, the attackers utilized Burmese language phishing pages to enhance the credibility of their schemes among local users. 

The implications of these fake e-shop scam campaigns extend beyond financial losses and reputational damage. They represent a direct assault on user privacy and cybersecurity, with far-reaching consequences for individuals and businesses alike. The theft of sensitive personal and financial information can lead to identity theft, unauthorized transactions, and even ransomware attacks, resulting in significant financial and emotional distress for victims. 

In response to these evolving threats, cybersecurity experts emphasize the importance of proactive measures to safeguard against malicious activities. This includes exercising caution when interacting with unfamiliar websites or online advertisements, regularly updating antivirus software, and staying informed about emerging cybersecurity threats. 

Ultimately, combating the scourge of fake e-shop scam campaigns requires collective action and collaboration among stakeholders across the cybersecurity ecosystem. By raising awareness, implementing robust security measures, and fostering a culture of cyber resilience, we can mitigate the risks posed by these insidious threats and protect the integrity of our digital infrastructure.

E-Commerce Scam: Read These 5 Tips to Stay Safe from Fake Sites


The e-commerce industry has witnessed tremendous growth in the last decade, and it's likely to rise. Tech behemoths like Apple lead the market, but most businesses these days sell goods and services online, including local stores.

Not only has it changed the way business is done; e-commerce has also rapidly changed consumer shopping habits. Today, buying what you need is just a click away, and shopping from the comfort of your home is the norm. Online shopping clearly provides a level of convenience that traditional retail can't match; however, e-commerce is without a doubt riskier.

The e-commerce industry is a hotspot of cyber threats, from phishing attacks to false advertising and credit card skimming scams. As conscious users, we must know how to protect ourselves. These five helpful tips can help you decide whether you're on a fake site before you "add to cart" your favorite product.

Verify the URL

The URL (Uniform Resource Locator) is the address of a webpage. Hackers make fake sites that look almost identical to the original, using a domain name that is nearly identical to the domain they are imitating.

The first thing to check is whether there are any misspellings or extra characters in the URL.

For instance, an attacker might set up a fake site at flippkartt.com to trick people into thinking they are using the original Flipkart site. The real URL looks like "https://flipkart.com/", while the fake site's URL is "http://flippkartt.com/". Note also the difference in protocol: the original site uses HTTPS (Hypertext Transfer Protocol Secure), while the fake uses HTTP (Hypertext Transfer Protocol).

The HTTPS prefix means your data is encrypted in transit; setting it up takes more time and money, so scammers often don't bother.

In a nutshell, most phishing scams work like this: clone a real business and steal sensitive information from its users. Always check the URL before you proceed.
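The checks in this section (misspelled or padded domain names, and the scheme) can be automated. The script below is an added example, not code from the original post; the brand allow-list is constructed, the "registrable domain is the last two labels" rule is a deliberate simplification (it ignores suffixes such as .co.uk), and it goes one step beyond the text by also catching a genuine brand name used as a subdomain of an unrelated domain. The scheme check is only one signal among the others, never proof on its own.

```python
"""Lookalike-domain and scheme checks for a shopping URL, following the
advice above. Added example, not the blog's own code."""
from urllib.parse import urlsplit

# Constructed allow-list of genuine shop domains (assumption for the example).
KNOWN_BRANDS = {"flipkart.com", "amazon.in"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance: how many single-character changes separate a from b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host name (simplified; no public-suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def assess_url(url: str, known=KNOWN_BRANDS, max_distance: int = 2) -> dict:
    """Classify a URL as known, suspicious or unknown and list the reasons."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    findings = []
    if parts.scheme != "https":
        findings.append("plain-http")
    if domain in known:
        return {"domain": domain, "verdict": "known", "findings": findings}
    # Near-miss spelling of a genuine domain (flippkartt.com vs flipkart.com).
    closest = min(known, key=lambda k: levenshtein(domain, k))
    if levenshtein(domain, closest) <= max_distance:
        findings.append(f"lookalike-of:{closest}")
    # Genuine brand name buried in the subdomain of an unrelated domain.
    subdomain_labels = host.split(".")[:-2]
    for brand in sorted(known):
        if brand.split(".")[0] in subdomain_labels:
            findings.append(f"brand-in-subdomain:{brand}")
    verdict = "suspicious" if findings else "unknown"
    return {"domain": domain, "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for u in ("https://flipkart.com/", "http://flippkartt.com/",
              "https://flipkart.com.example.net/login", "https://unrelated-shop.org/"):
        print(u, "->", assess_url(u))
```

An "unknown" verdict means only that the domain is neither on the allow-list nor close to it; the remaining tips in this post (content quality, prices, the About Us page, reviews) are the checks to apply next.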

The content and design

A real business website would not have grammatical and spelling mistakes. Some scammers do bother to proofread the content of their fake sites, but not all of them. If you visit a site and notice mistakes and typos, chances are it's a scam.

Similarly, a real business won't publish low-quality images or poor designs. Scammers will do that because they don't have an image to maintain. 

The scammer would scrape photos from the web using software, or just put random images that aren't related to the product. This is your sign to stay away from the fake website. 

Don't fall for too-good-to-be-true offers

The iPhone 15 currently costs around 72000 INR. If you see it selling online for 30000 INR, it is most likely a scam.

It is easy bait, as buyers love a good deal and, in a rush, fall prey to the scam. Scammers know that huge discounts work as a glue trap for economically struggling buyers. So next time, make sure the price is right before rushing to "add to cart" on an online shopping website.

Read the About Us page

A legitimate e-commerce site will always have an elaborate "About Us" page from which the buyer can clearly understand the business's goals, mission, and so on. Sometimes the "About Us" page also includes information about careers, team members, and ownership. Lastly, there will be a detailed privacy policy and a contact form for interested customers and media professionals.

Over time the scams have grown more sophisticated, as scammers now use AI to scale their attacks; however, only a few bother to create a convincing "About Us" page. If you notice that an online shopping site lacks these elements and is short on transparency, you should avoid it. Don't spend your money without checking these pages.

Read the reviews

You should always go through an online store's reviews before buying a product. A legit business will always have a review somewhere. You can start with Google reviews, just type the business name and go to the reviews section. Bingo, you can now check what others say about the store. 

If you can't find even a single review, the store might not be fake, but it's best to avoid it. You can also check what others are saying on social media. Twitter and Reddit are some common sites where users share their experiences. It barely takes a minute, but can save you from a scam. 

European Union to Block Amazon’s Acquisition Over iRobot


Amazon.com Inc. has recently proposed a takeover of Roomba manufacturer iRobot Corp. The proposal is expected to be blocked by the European Union's antitrust regulators, who are concerned that it will have an adverse impact on other robot vacuum makers.

At a meeting with European Commission officials on Thursday, the e-commerce behemoth was informed that the transaction would probably be denied, according to sources familiar with the situation. The political leadership of the EU must still formally approve a final decision, which is required by February 14.  Meanwhile, Amazon declined to comment on the issue. 

On Friday, shares of iRobot, based in Bedford, Massachusetts, fell as much as 31% to $16.30, widening the deal spread to over $35, the widest since the merger was announced more than a year ago.

Regulators believe that other vacuum manufacturers may find it more difficult to compete as a result of iRobot's partnership with Amazon, particularly if Amazon decides to give Roomba advantages over competitors on its online store.

There will probably be opposition to the deal in the US as well. People with an insight into the situation claim that the Federal Trade Commission has been preparing a lawsuit to try and stop the transaction. According to persons speaking about an ongoing investigation, the three FTC commissioners have yet to vote on a challenge or hold a final meeting with Amazon to discuss the possible case.

The investigation over Amazon’s acquisition of iRobot was initiated in July 2023 by the European Commission (EC), the EU’s competition watchdog. 

The EC has until February 14 to make a decision. The commission's 27 most powerful political members must agree to reject the proposal before the EC can make a final decision. 

While iRobot was all set to expand its business in the market of smart home appliances, it witnessed a 40% dip in its shares a few hours after the first reporting of the EU’s intentions in the Wall Street Journal. 

Given that the company has been struggling with declining revenues, the acquisition by Amazon was initially viewed as a boon.

In regards to the situation, Matt Schruers, president of tech lobbying group Computer and Communications Industry Association comments that "If the objective is to have more competition in the home robotics sector, this makes no sense[…]Blocking this deal may well leave consumers with fewer options, and regulators cannot sweep that fact under the rug."  

Exploring Blockchain's Revolutionary Impact on E-Commerce


The trend of choosing online shopping over traditional in-store visits is on the rise, with e-commerce transactions dominating the digital landscape. However, the security of these online interactions is not foolproof, as security breaches leading to unauthorized access to vast amounts of data become increasingly prevalent. This growing concern highlights the vulnerabilities in current network structures and the need for enhanced security measures.

Blockchain technology emerges as a solution to bolster the security of online transactions. Operating as a decentralized, peer-to-peer network, blockchain minimizes the risk of malicious activities by eliminating the need for trusted intermediaries. The technology's foundation lies in automated access control and a public ledger, ensuring secure interactions among participants. The encryption-heavy nature of blockchain adds a layer of legitimacy and authority to every transaction within the network.

Initially designed as part of bitcoin technology for decentralized currency, blockchain has found applications in various sectors such as public services, Internet of Things (IoT), banking, healthcare, and finance. Its distributed and decentralized nature inherently provides a higher level of security compared to traditional databases.

As the demand for secure communication methods in e-commerce grows, blockchain technology plays a pivotal role in ensuring the security, efficiency, and speed of transactions on online platforms. Unlike traditional transactions that rely on third-party validation, blockchain integration transforms industries like e-commerce, banking, and energy, ushering in new technologies at a rapid pace. The distributed ledger technology of blockchain safeguards the integrity and authenticity of transactions, mitigating the risks associated with data leaks.

The intersection of blockchain and e-commerce is particularly crucial in the context of a data-driven world. Traditional centralized entities often control and manipulate user data without much user input, storing extensive personal information. Blockchain's decentralized and secure approach enhances the safety of conducting transactions and storing digital assets in the e-commerce landscape.

The transformative impact of blockchain on e-commerce is evident in its ability to optimize business processes, reduce operational costs, and improve overall efficiency. The technology's applications, ranging from supply chain management to financial services, bring advantages such as transparent business operations and secure, tamper-proof transaction records.

The evolution of the internet, transitioning from a tool for educational and military purposes to a platform hosting commercial applications, has led to the dominance of e-commerce, a trend accelerated by the global COVID-19 pandemic. Modern businesses leverage the internet for market research, customer service, product distribution, and issue resolution, resulting in increased efficiency and market transparency.

Blockchain, as a decentralized, peer-to-peer database distributed across a network of nodes, has significantly reshaped internet-based trade. Its cryptographic storage of transaction logs ensures an unchangeable record, resilient to disruptions in the digital age. Blockchain's current applications in digitizing financial assets highlight its potential for secure and distributable audit trails, particularly in payment and transaction systems.

The e-commerce sector, facing challenges since its inception, seeks a secure technological foundation, a role poised to be filled by blockchain technology. The decentralized nature of blockchain enhances operational efficiency by streamlining workflows, especially with intermediaries like logistics and payment processors. It introduces transparency, recording every transaction on a shared ledger, ensuring traceability and building trust among participants.

Cost-effectiveness is another advantage offered by blockchain in e-commerce, as it enables sellers to bypass intermediaries and associated transaction fees through cryptocurrencies like Bitcoin. The heightened security provided by blockchain, built on Distributed Ledger Technology (DLT), becomes indispensable in an industry where data breaches can lead to significant revenue losses and damage to brand reputation.

Blockchain's applications in e-commerce span various aspects, including inventory control, digital ownership, loyalty reward programs, identity management, supply chain tracking, and warranty management. These applications set new standards for online businesses, promising a more secure, efficient, and customer-centric e-commerce world.

As blockchain continues to evolve, its potential impact on the e-commerce sector is expected to grow. The technology holds the promise of unlocking more innovative applications, fostering an environment where trust, efficiency, and customer satisfaction take center stage. The future of e-commerce, driven by blockchain, transcends mere transactions; it aims to create a seamless, secure, and user-centric shopping experience that adapts to the evolving needs of businesses and consumers in the digital age.

Gen Z's Take on AI: Ethics, Security, and Career

Generation Z is leading innovation and transformation in the fast-changing technological landscape. Gen Z is positioned to have an unparalleled impact on how work will be done in the future thanks to their distinct viewpoints on issues like artificial intelligence (AI), data security, and career disruption. 

Gen Z is acutely aware of the ethical implications of AI. According to a recent survey, a significant majority expressed concerns about the ethical use of AI in the workplace. They believe that transparency and accountability are paramount in ensuring that AI systems are used responsibly. This generation calls for a balance between innovation and safeguarding individual rights.

AI in Career Disruption: Navigating Change

For Gen Z, the rapid integration of AI in various industries raises questions about job stability and long-term career prospects. While some view AI as a threat to job security, others see it as an opportunity for upskilling and specialization. Many are embracing a growth mindset, recognizing that adaptability and continuous learning are key to thriving in the age of AI.

Gen Z and the AI Startup Ecosystem

A noteworthy trend is the surge of Gen Z entrepreneurs venturing into the AI startup space. Their fresh perspectives and digital-native upbringing give them a unique edge in understanding the needs of the tech-savvy consumer. These startups drive innovation, push boundaries, and redefine industries, from healthcare to e-commerce.

Economic Environment and Gen Z's Resilience

Amidst economic challenges, Gen Z has demonstrated remarkable resilience. A recent study by Bank of America highlights that 73% of Gen Z individuals feel that the current economic climate has made it more challenging for them. However, this generation is not deterred; they are leveraging technology and entrepreneurial spirit to forge their own paths.

The McKinsey report underscores that Gen Z's relationship with technology is utilitarian and deeply integrated into their daily lives. They are accustomed to personalized experiences and expect the same from their work environments. This necessitates a shift in how companies approach talent acquisition, development, and retention.

Gen Z is a generation that is ready for transformation, as seen by their interest in AI, data security, and job disruption. Their viewpoints provide insightful information about how businesses and industries might change to meet the changing needs of the digital age. Gen Z will likely have a lasting impact on technology and AI as it continues to carve its path in the workplace.


Tech Giants Threaten UK Exit Over Privacy Bill Concerns

As US tech giants threaten to sever their links with the UK, a significant fear has emerged among the technology sector in recent days. This upheaval is a result of the UK's proposed privacy bill, which has shocked the IT industry. The bill, which aims to strengthen user privacy and data protection rights, has unintentionally sparked a wave of uncertainty that has US IT companies considering leaving.

The UK's plans to enact strict privacy laws, which according to business executives, could obstruct the free movement of information across borders, are at the core of the issue. Users would be able to request that their personal data be removed from company databases thanks to the unprecedented power over their data that the new privacy regulation would give them. Although the objective is noble, major figures in the tech industry contend that such actions may limit their capacity to offer effective services and innovate on a worldwide scale.

US tech giants were quick to express their worries, citing potential issues with resource allocation, regulatory compliance, and data sharing. The terms of the bill might call for a redesign of current systems, which would be costly and logistically challenging. Some businesses have openly addressed the prospect of moving their operations to more tech-friendly locations due to growing concerns about innovation and growth being hampered.

Additionally, some contend that the proposed measure would unintentionally result in fragmented online services, where users in the UK might have limited access to the platforms and functionalities enjoyed by their counterparts elsewhere. This could hurt everything from e-commerce to communication technologies, harming both consumers and businesses.

The topic has received a lot of attention, and tech titans are urging lawmakers to revisit the bill's provisions to strike a balance that protects user privacy without jeopardizing the viability of their services. An exodus of technology could have far-reaching effects. The consequences might be severe, ranging from employment losses to a decrease in the UK's status as a tech center.

There is hope that as conversations proceed, a solution will be found that takes into account both user privacy concerns and the practical requirements of the tech sector. The preservation of individual rights while promoting an atmosphere where innovation can flourish depends on finding this balance. Collaboration between policymakers, tech corporations, and consumer advocacy organizations will be necessary to find common ground.


Royal Mail's £1bn Losses: Strikes, Cyber Attack, and Online Shopping Crash

The Royal Mail, the UK's national postal service, has reported losses surpassing £1 billion as a combination of factors, including strikes, a cyber attack, and a decrease in online shopping, has taken a toll on its post and parcels business. These significant losses have raised concerns about the future of the company and its ability to navigate the challenges it faces.

One of the key contributors to the Royal Mail's losses is the series of strikes that occurred throughout the year. The strikes disrupted operations, leading to delays in deliveries and increased costs for the company. The impact of the strikes was compounded by the ongoing decline in traditional mail volumes as more people turn to digital communication methods.

Furthermore, the Royal Mail was also targeted by a cyber attack, which further disrupted its services and operations. The attack affected various systems and required significant resources to mitigate the damage and restore normalcy. Such incidents not only incur immediate costs but also undermine customer trust and confidence in the company's ability to protect their sensitive information.

Another factor contributing to the losses is the decline in online shopping, particularly during the pandemic. With lockdowns and restrictions easing, people have been able to return to physical retail stores, leading to a decrease in online orders. This shift in consumer behavior has impacted Royal Mail's parcel business, which heavily relies on the growth of e-commerce.

To address these challenges and turn the tide, the Royal Mail will need to focus on several key areas. Firstly, the company should strive to improve its relationship with its employees and work towards resolving any ongoing disputes. By fostering a harmonious working environment, the Royal Mail can minimize disruptions caused by strikes and ensure the smooth functioning of its operations.

Secondly, it is crucial for the Royal Mail to enhance its cybersecurity measures and invest in robust systems to protect against future cyber attacks. Strengthening the company's digital defenses will not only safeguard customer data but also bolster its reputation as a reliable and secure postal service provider.

Lastly, the Royal Mail must adapt to changing consumer behaviors and capitalize on emerging opportunities in the e-commerce market. This could involve diversifying its services, expanding its international reach, and investing in innovative technologies that streamline operations and enhance the customer experience.




IcedID: A New Era with 'Lite and Fork' Malware


Proofpoint, a cybersecurity research firm, recently discovered two new variants of the IcedID malware, named "Lite" and "Forked." The original IcedID malware has been around since 2017 and is commonly used by cybercriminals, but these new versions were first seen only in late 2022 and early 2023.

The Lite IcedID variant was first discovered in November 2022, distributed as a follow-up payload in an Emotet malware campaign run by the group Proofpoint tracks as TA542. Unlike other malware campaigns that aim to steal sensitive data, this Emotet campaign primarily delivers the Lite version of the IcedID bot.

This Lite variant, however, lacks certain important features that are typically used for banking fraud. Despite this, the IcedID Lite still poses a significant threat as it can be used to deliver other types of malware, such as ransomware, and can compromise the security of a victim's computer system. 

On the other hand, the Forked IcedID Variant was first seen in February 2023 and it has been used in seven different campaigns. This variant is similar to the original IcedID in that it downloads from a server, but it also has some similarities to the Lite version. 

IcedID is a type of malware that was originally designed to steal banking information and is also capable of facilitating the installation of other types of malware, such as ransomware, into a victim's computer. 

According to the data, it was first discovered in 2017, and since then only one version of it had been in circulation, essentially unchanged. This standard variant of IcedID includes an initial loader that communicates with a loader C2 server and then downloads a standard DLL loader, which ultimately installs the IcedID bot on the targeted computer.

Furthermore, the company found out that IcedID malware has been used in numerous campaigns by threat actors between 2022 and 2023. At least five different groups have been directly distributing the malware in these campaigns. The majority of the threat actors have been identified as initial access brokers, whose primary goal is to facilitate infections that lead to ransomware attacks. 

While most of the threat actors are using the standard IcedID variant, researchers at Proofpoint have found evidence of modified versions being used by a particular group of actors who appear to be shifting their focus away from banking fraud and toward delivering malicious payloads, potentially including ransomware. This suggests that the group is attempting to expand its criminal activities and become more versatile in its tactics.

Furthermore, based on the timing and association with Emotet infections, Proofpoint researchers suspect that the creators of Emotet have partnered with IcedID operators to expand their activities. This partnership may include testing the new Lite variant of IcedID through existing Emotet infections.

Globally, Over 4 Million Shopify Users Are at Risk



In a report published on Friday by CloudSEK's BeVigil, a security search engine for mobile apps, it has been found that over four million users of e-commerce apps around the world are exposed to the risk of hardcoded Shopify tokens.   

As an e-commerce platform, Shopify allows anyone, from individuals to businesses, to create a store and sell their products online. Shopify is expected to be used by more than 4.4 million websites by the end of 2023 and is used in more than 175 countries.
Researchers are claiming that there is a risk that crooks will gain access to sensitive data belonging to millions of Android users with e-commerce apps. 

It was recently revealed in a CloudSEK BeVigil report that researchers discovered 21 e-commerce apps that had 22 hardcoded Shopify API keys and that these keys/tokens could potentially expose the personally identifiable information (PII) of roughly four million users to the possibility of identity theft. 

As soon as an API key is hardcoded into an app, it becomes visible to anyone with access to the code, including attackers and other unauthorized users. Whoever obtains the hardcoded key can read sensitive data and perform actions on behalf of the application. As the company noted in its press release, they can do so even though they were never authorized to.
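The problem described here is caught most cheaply before release, by scanning the app's source or decompiled code for credential-shaped literals. The scanner below is an added example, not CloudSEK's or Shopify's code. The sample source it scans is constructed, and the `shpat_` prefix rule is my assumption about the format of Shopify Admin API access tokens; extend the pattern list with the token formats your own build must cover.

```python
"""Scan source text for hardcoded API tokens of the kind the report describes.
Added example, not CloudSEK's or Shopify's code."""
import re

# (kind, pattern, regex group holding the secret value); first match per line wins.
SECRET_PATTERNS = [
    # Assumption: Shopify Admin API access tokens look like shpat_ + 32 hex characters.
    ("shopify-admin-token", re.compile(r"\bshpat_[0-9a-f]{32}\b"), 0),
    # Generic: something named like a key/token/secret assigned a long literal.
    ("generic-assignment",
     re.compile(r"""(?i)\b(api[_-]?key|access[_-]?token|secret)\s*[:=]\s*["']([A-Za-z0-9_\-]{16,})["']"""),
     2),
]


def redact(secret: str, keep: int = 6) -> str:
    """Keep only a short prefix so the finding itself never re-leaks the secret."""
    return secret[:keep] + "..."


def scan_source(text: str) -> list:
    """Return one finding per line that appears to embed a secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern, group in SECRET_PATTERNS:
            m = pattern.search(line)
            if m:
                findings.append({"line": lineno, "kind": kind, "redacted": redact(m.group(group))})
                break
    return findings


# Constructed Java-like snippet standing in for decompiled app code (not a real app;
# the token and key values are made up and do not work anywhere).
CONSTRUCTED_SOURCE = """\
package com.example.shop;
public class ShopConfig {
    // Hardcoded: anyone who unpacks the app package can read these literals.
    static final String SHOPIFY_TOKEN = "shpat_0123456789abcdef0123456789abcdef";
    static final String API_KEY = "EXAMPLE_KEY_not_real_1234567890";
    // Safer: obtain a short-lived, narrowly scoped token from your own backend at runtime.
    static String sessionToken() { return System.getenv("SHOP_SESSION_TOKEN"); }
}
"""

if __name__ == "__main__":
    for f in scan_source(CONSTRUCTED_SOURCE):
        print(f"line {f['line']}: {f['kind']} ({f['redacted']})")
```

Run as a pre-commit or CI step, a scan like this blocks the build when a literal matches, while the redacted output keeps the secret out of build logs; the fix on the application side is to keep privileged API tokens on a server the app talks to, rather than shipping them inside the client.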

Information About Credit Cards

According to the report, at least 18 of the 22 hardcoded keys allow attackers to view sensitive customer data. The researchers further state that seven of the API keys allow gift cards to be viewed and modified, and six allow a threat actor to steal payment account information.

The exposed shop-owner data includes name, email address, website address, country, full postal address, phone number, and other details. Customer information is exposed as well, including past orders and email-subscription preferences.

Regarding payment account information, threat actors may be able to access details of banking transactions, such as the credit or debit cards customers used to make purchases. This includes the cards' BIN numbers, their last digits, the issuing company, the names on the cards, expiration dates, the IP addresses of the customers' browsers, and other sensitive information. 

To demonstrate the point, the researchers showed that one of the exposed API keys returned the shop's details when it was used to authenticate. 

The researchers also pointed out that this is not an error on Shopify's part but rather a widespread problem of app developers leaking API keys and tokens to third parties.   

An e-commerce platform such as Shopify enables businesses of all sizes to easily create an online store and, in turn, sell their products online. It is estimated that there are more than four million websites with Shopify integration today, enabling both physical and digital purchases from their online shoppers.   

CloudSEK notified Shopify of its findings; however, Shopify has not yet responded.   

Automation: Give Yourself the Gift of Secure Holiday E-Commerce


A brand-new year is on its way, and so are the eagerly awaited holidays. They are for everyone, even retail-sector employees, for whom this is also the busiest time of the year. Nonetheless, with some preparation, one can improve the odds of a fun and peaceful holiday with friends and family. 

The holiday season has arrived, finally giving overworked and over-stressed cybersecurity engineers a chance to consider a break. 

Unfortunately, the holidays will not deter threat actors from lurking in the cyber world with malicious intent. Below are some ways to keep these malicious actors quiet. 

One method that works like magic at times like these is automation. To keep the scales tipped in your favor over the holidays, hand routine cybersecurity tasks over to trustworthy good bots. 

Here is some cybersecurity groundwork to lay in order to protect your holiday time.

Making Sure New Accounts Are on the Good List 

The creation of new accounts is probably going to increase during the holiday season for anyone who is not in B2B. New sign-ups are not exactly unusual, whether it is because people want to purchase something from your website or because they simply have more time to spare around the holidays. Additionally, there will be those taking advantage of the New Year's bargains and sales, using up their departmental budget from the previous year while they still can, and registering the warranties on gifted products. 

Unfortunately, this also makes it a perfect time for malicious actors to create illicit accounts that blend into the surge of legitimate traffic. In medium to large enterprises that experience high volumes at this time, the sheer number of new accounts makes manually checking each one impossible. 

Thus, many malicious bots choose this time of year to create large numbers of illicit accounts. These accounts will most likely do no harm, at least for a while, but one does not want them sitting around and aging, since they can later be used for a variety of malicious cyber activities and attacks. 

So before switching to holiday mode, make sure the automated account-validation services are operating properly: run some tests, confirm that bots are being caught when they create new accounts, and double-check the associated logging and reporting functions. 

Keeping Inventory Numbers Accurate for Santa

Building up an inventory that will survive the holiday rush takes a lot of effort and hard work, but it can all go down the drain if mean-spirited competitors or threat actors tamper with the systems.  

It is not uncommon for threat actors to execute such attacks over the holidays. They do so using botnets capable of disrupting inventory through stockout, or denial-of-inventory, attacks: placing fraudulent orders that reserve stock, only to cancel them once the holiday rush is over. 

Thus, check that your automation is in place and able to detect illicit stockout activity. Below are a few more tips before you sign off for the holiday season. 

  • In the week before the business closes for the holidays, analyze the seasonal false positives from previous years. If you anticipate being hit with false positives, make sure you know what they look like. Doing this before leaving for the year lets you build more precise filters that catch the bad actors while letting the team sleep in on Boxing Day.  
  • Since social media click fraud is rampant at this time of year, make sure your automation covers all of your social media profiles, or reputational damage may be done before anyone gets a hold of it once the holidays are over. 

Cybersecurity is the last thing on the minds of people, even cybersecurity staff, hurrying out of the workplace at the end of the year. 

The solution is automation: set up automated protections once and enjoy greater security permanently. It is a fantastic stress reliever, giving people the opportunity to enjoy their holiday season properly.  

Binance Bridge Hit by $560 Million Hack

A group of threat actors exploited a cross-chain bridge to transfer $560 million worth of cryptocurrency from Binance Bridge, part of the world's biggest exchange. The hack is believed to have been made possible by a bug in the bridge that let the attacker bypass the BNB Chain's security proofs. 

Following the incident, BNB/USD fell by more than 3% on Friday. The single-day hack on the BNB Chain led to a loss of at least $100 million; BNB Chain puts the amount frozen so far at $7 million, with about $560 million initially targeted. 

Binance is a cryptocurrency exchange whose bridge is designed to transfer information and assets between blockchains; it is the largest exchange in the world in terms of daily cryptocurrency trading volume. 

The hack was made public on Thursday by Binance CEO Changpeng Zhao, who announced on Twitter that the threat actors had exploited a vulnerability in the BSC (BNB Chain) Token Hub cross-chain bridge. 

“An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,” he added. 

According to Zhao, the overall loss that the platform has to bear because of the attack is around $100 million worth of BNB. However, the threat actors’ wallet reportedly received two transactions of 1,000,000 BNB each, which is worth more than $560 million. 

However, the platform assured its customers that their funds are safe and secure. When the platform learned about the hack, it worked with validators to temporarily suspend BSC and freeze transfers. Additionally, the platform reported that it has already recovered some of the stolen funds. 

“We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly…” the platform reported. “…Initial estimates for funds taken off BSC are between $100M - $110M. However, thanks to the community and our internal and external security partners, an estimated $7M has already been frozen.” 

Data Breach Reported by Cleartrip: User Data Traded

On July 18, the airline and hotel booking company Cleartrip had a serious data breach after hackers allegedly posted the stolen data on the dark web.

In an email to consumers, Cleartrip stated that a security anomaly had allowed unauthorized and illegal access to some of its internal systems. The site, which is run by e-commerce major Flipkart, said that it is still investigating the matter and has hired an outside forensic team to assist. 

"We would like to reassure you that, other than some information, no sensitive information belonging to your Cleartrip account has been compromised due to this anomaly in our systems. The investigation has thus far shown that limited information including name, email address, and phone number are thought to have been impacted," a business official stated.

The company claimed that it has notified the Indian cyber police and is planning to take legal action if necessary.

After SpiceJet disclosed that it had been the target of a ransomware attack in May, hundreds of passengers were left stranded at airports across India. According to a TechCrunch report from 2020, a security researcher was able to breach SpiceJet's servers and obtain the personal data of 1.2 million passengers, including numerous government figures.

Cleartrip is a global online travel company that, in addition to India, also operates in Oman, Qatar, Kuwait, Bahrain, and Saudi Arabia. This is not the first data theft Cleartrip has experienced: according to reports, a gang known as Turtle Squad hacked the website in 2017 and temporarily vandalized it. 



Caramel Credit Card Theft is Proliferating Day by Day

 

A credit card stealing service is gaining traction, providing a simple and automated option for low-skilled threat actors to enter the sphere of financial fraud. Credit card skimmers are malicious scripts that are put into compromised e-commerce websites and wait patiently for customers to make a purchase. 

Following a purchase, these malicious scripts capture credit card information and send it to remote sites, where threat actors collect it. Threat actors then use these cards to make online purchases for themselves or sell the card data to other threat actors on dark web markets for as little as a few dollars. DomainTools found the new service, which claims to be run by a Russian criminal outfit called "CaramelCorp." 

Subscribers receive a skimmer script, deployment instructions, and a campaign management panel, which includes everything a threat actor needs to start their own credit card stealing campaign. Caramel only sells to Russian-speaking threat actors after a first verification procedure that weeds out individuals who use machine translation or are new to the sector. 

A lifetime subscription costs $2,000, which isn't cheap for aspiring threat actors, but it includes complete customer service, code upgrades, and growing anti-detection methods for Russian-speaking hackers. 

Credit card data is collected using the JavaScript "setInterval()" function, which exfiltrates data at preset intervals. While this may not appear to be an efficient strategy, it lets the skimmer capture information from abandoned carts as well as completed purchases. Finally, the campaigns are managed through a panel that allows the subscriber to monitor the affected e-shops, configure the gateways for receiving stolen data, and more. 

Neither Caramel nor skimming campaigns are new: Bleeping Computer found the first dark web posts offering the kit for sale in December 2020. Caramel has since grown in popularity in the underground scene thanks to continued development and advertising. The existence of Caramel and similar skimming services lowers the technical barrier to starting and managing large-scale card skimming campaigns, potentially increasing the prevalence of skimmer operations. 

As a shopper on e-commerce platforms, one can defend against credit card skimmers by using one-time private cards, setting charge limits and restrictions, or simply using online payment methods instead of cards.

FFDroider: A New Malware that Hacks Social Media Accounts

 

FFDroider, a new kind of information stealer, has emerged; it steals cookies and credentials from browsers and hijacks the target's social media accounts. Like much other malware, FFDroider spreads through software cracks, free games and apps, and other files downloaded from torrent sites. When these downloads are installed, FFDroider is installed as well, disguised as the Telegram desktop app to avoid detection. Once launched, the malware creates a Windows registry key named "FFDroider", which is how the malware got its name. 

FFDroider targets account credentials and cookies stored in browsers such as Chrome, Mozilla Firefox, Microsoft Edge, and Internet Explorer. For instance, the malware reads and parses the SQLite credential store and the Chromium SQLite cookie database, then decrypts these entries using the Windows Crypt API, specifically the CryptUnprotectData function. The process is similar for the other browsers, with functions such as InternetGetCookieExW and IEGetProtectedModeCookie used to steal cookies from Microsoft Edge and Internet Explorer. 

"If the authentication is successful on Facebook, for example, FFDroider fetches all Facebook pages and bookmarks, the number of the victim's friends, and their account billing and payment information from the Facebook Ads manager," reports Bleeping Computer. The decryption and stealing of these cookies lead to clear text usernames and passwords, which are later extracted through an HTTP Post request from the C2 server in the malware campaign. 

Unlike other password-stealing Trojans, FFDroider's operators are not interested in every credential stored in the browser. Instead, they focus on stealing credentials for social media accounts and e-commerce websites, including Amazon, Facebook, Instagram, eBay, Etsy, Twitter, and the WAX Cloud Wallet portal. Bleeping Computer reports, "after stealing the information and sending everything to the C2, FFDroid focuses on downloading additional modules from its servers at fixed time intervals."

NCSC Urges Customers to Stay Aware About Scams On E-commerce Platforms

 

The UK's National Cyber Security Centre (NCSC) made a final appeal to shoppers ahead of the busiest weekend before Christmas to be alert to fraud and data theft. The GCHQ agency asked consumers to secure their devices, be wary of unsolicited messages, and limit the amount of information they enter into online shopping and e-commerce websites. According to banking body UK Finance, around €22 bn was spent online on Christmas shopping last year because of the Covid-19 pandemic. 

With the rise of the Omicron variant, 2021 probably saw a similar pattern, leaving more customers vulnerable online. The attacks come in many forms: phishing emails carrying fake shipping details, fake warnings about hacked accounts, or fake gift cards that require the user to share personal details in order to redeem the offer. Customers may also be contacted through social media messages and emails with "unbelievable" offers on popular gift items, such as electronics. Once a customer falls for one of these tricks, they lose their money along with their banking details and personal information, which the hackers steal. 

According to the NCSC, the urge to buy last-minute presents during the festive season may be one reason customers fall victim to such attacks so easily. To stay safe, users can follow some practical steps, such as setting a strong password on a website before placing an order. It is advised to use strong, unique passwords with two-factor authentication for every account, especially banking, email and payment services. Online customers are also advised to ignore unsolicited notifications, particularly messages linking to suspicious websites, and to be cautious of platforms that depend on payment by credit card. 

Lastly, customers should log in as guests while making a purchase to avoid revealing too much personal information. As per NCSC, "if you think your credit or debit card has been used by someone else, let your bank know straight away so they can block anyone using it. Always contact your bank using the official website or phone number. Don't use the links or contact details in the message you have been sent or given over the phone."

CronRAT is a Linux Malware that Hides in Cron Jobs with Invalid Dates

 

Researchers have discovered a novel Linux remote access trojan (RAT) that uses a never-before-seen stealth approach: scheduling its malicious actions for execution on February 31st, a non-existent calendar day. CronRAT, according to Sansec Threat Research, "enables server-side Magecart data theft that avoids browser-based security solutions." According to the Dutch cybersecurity firm, the RAT was spotted on multiple online stores, including the country's largest outlet. 

CronRAT takes advantage of cron, the Linux task scheduler, which accepts tasks scheduled for days that do not exist on the calendar, such as February 31st. As long as the date specification is properly formatted, cron accepts it even though the day never comes, which means the scheduled task never runs. CronRAT relies on this to stay hidden. According to research released by Sansec, it hides a "sophisticated Bash programme" in the names of scheduled tasks. 

"The CronRAT adds a number of tasks to crontab with a curious date specification: 52 23 31 2 3," the researchers explained. "These lines are syntactically valid, but would generate a run time error when executed. However, this will never happen as they are scheduled to run on February 31st." 
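As an added example (not Sansec's tooling or code from the original post), the following Python script parses a crontab and flags job lines whose day-of-month can never occur in the scheduled month, the hiding trick described above. The sample crontab is constructed and its command paths are placeholders.

```python
"""Scan a crontab for entries that can never fire because their day-of-month
does not exist in the scheduled month (for example 31 February), the hiding
trick attributed to CronRAT above. Added example, not Sansec's tooling; the
crontab text at the bottom is constructed and the command paths are placeholders."""
from dataclasses import dataclass

# Longest possible length of each month (February counted as 29 for leap years).
DAYS_IN_MONTH = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
                 7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}
MONTH_NAMES = {name: i + 1 for i, name in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split())}


def _num(token, names=None):
    """Turn a single cron token into an integer, accepting month names."""
    token = token.lower()
    if names and token in names:
        return names[token]
    return int(token)


def expand_field(field, lo, hi, names=None):
    """Expand one cron field ('*', lists, ranges, steps, month names) to its value set."""
    values = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = _num(a, names), _num(b, names)
        else:
            start = _num(part, names)
            end = hi if step > 1 else start   # "5/2" is read as "5-<max>/2"
        values.update(range(start, end + 1, step))
    return values


@dataclass
class Finding:
    line: str
    reason: str


def analyse_crontab(text):
    """Return one Finding per job line whose date fields can never match a real date."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments, @reboot-style shortcuts and VAR=value assignments.
        if not line or line[0] in "#@" or "=" in line.split()[0]:
            continue
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue
        _minute, _hour, dom, month, dow, _cmd = fields
        try:
            doms = expand_field(dom, 1, 31)
            months = expand_field(month, 1, 12, MONTH_NAMES)
        except ValueError:
            findings.append(Finding(line, "unparseable day/month field"))
            continue
        if any(d <= DAYS_IN_MONTH[m] for d in doms for m in months):
            continue
        reason = "day-of-month never occurs in the scheduled month(s)"
        if dow != "*":
            # Vixie-style cron runs a job when EITHER restricted day field matches,
            # so a restricted weekday can still fire it; the impossible date is camouflage.
            reason += "; day-of-week is also restricted, so it may still run on that weekday"
        findings.append(Finding(line, reason))
    return findings


# Constructed sample: one normal job, one hidden behind 31 February (CronRAT style),
# two more impossible dates, and a 31st that is valid because January has 31 days.
SAMPLE_CRONTAB = """\
SHELL=/bin/sh
# nightly backup (constructed)
0 3 * * * /usr/local/bin/backup.sh
52 23 31 2 3 /tmp/.cache/update
0 0 30 feb * /opt/cleanup
0 0 31 4,6,9,11 * /opt/monthly
0 0 31 1-3 * /opt/report
"""

if __name__ == "__main__":
    for f in analyse_crontab(SAMPLE_CRONTAB):
        print(f"SUSPICIOUS: {f.line}\n    {f.reason}")
```

Run it against `crontab -l` output or the files under /etc/cron.d to review every impossible date by hand; a long, encoded command on a flagged line is the pattern the researchers describe.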

The RAT also employs a variety of obfuscation techniques to make analysis more difficult, such as hiding code behind layers of encoding and compression and implementing a custom binary protocol with random checksums to get past firewalls and packet inspectors. It then contacts a remote control server and waits for further instructions; according to the researchers, the attackers behind CronRAT can run any code on the infected system through this backdoor. 

"Digital skimming is moving from the browser to the server and this is yet another example," Sansec's Director of Threat Research, Willem de Groot, said. "Most online stores have only implemented browser-based defenses, and criminals capitalize on the unprotected back-end. Security professionals should really consider the full attack surface." 

Sansec describes the new malware as “a serious threat to Linux eCommerce servers” because of its capabilities: fileless execution, timing modulation, anti-tampering checksums, control via a binary, obfuscated protocol, launching a tandem RAT in a separate Linux subsystem, a control server disguised as a “Dropbear SSH” service, and a payload hidden in legitimate cron scheduled task names.

Software Flaw in E-Commerce Sites Abused by Hackers

 

The United Kingdom's National Cyber Security Centre (NCSC) has notified the administrators of over 4,000 online retailers that their sites had been compromised in Magecart attacks to steal consumers' financial information. 

In Magecart attacks (also known as web skimming, digital skimming, or e-skimming), malicious actors inject scripts known as credit card skimmers (aka payment card skimmers or web skimmers) into vulnerable online stores to steal the payment or personal information customers submit on the checkout page. 

Eventually, the attackers use this data in various financial and identity fraud operations, or auction it to the highest bidder on hacking or carding sites. 

"The National Cyber Security Centre – a part of GCHQ – proactively identified 4,151 compromised online shops up to the end of September and alerted retailers to these security vulnerabilities," the UK cybersecurity agency said. 

"The majority of the online shops used for skimming identified by the NCSC had been compromised via a known vulnerability in Magento, a popular e-commerce platform." 

Since April 2020, the NCSC has been monitoring these stores and has sent alerts to site operators and small and medium-sized enterprises (SMEs) after finding the infected e-commerce sites through its Active Cyber Defence programme. 

During Black Friday and Cyber Monday affected online merchants were reminded to maintain Magento — and any other software they employ — up to date to prevent attackers from breaching their servers and compromising their online shops and customers' data. 

"We want small and medium-sized online retailers to know how to prevent their sites from being exploited by opportunistic cybercriminals over the peak shopping period," said Sarah Lyons, NCSC Deputy Director for Economy and Society. 

"It's important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date." She added.

The organization also advises individuals and families who want to shop online securely to purchase only from trusted online retailers, to use credit cards for online payments, and to stay on the lookout for suspicious emails and text messages with offers that appear too good to be true. 

The US Cybersecurity and Infrastructure Security Agency (CISA) also issued security guidelines for staying safe while buying online. 

"On Black Friday and Cyber Monday the hackers will be out to steal shoppers' cash and damage the reputations of businesses by making their websites into cyber traps," said Steve Barclay, Chancellor of the Duchy of Lancaster. 

"It's critical, with more and more trade moving online, to protect your business and your customers by following the guidance provided by the National Cyber Security Centre and British Retail Consortium."

WooCommerce Multi Currency Bug Allows Customers to Modify the Cost of Items on Online Stores

 

A security flaw in the WooCommerce Multi Currency plugin might allow any consumer to alter product prices in online stores. WooCommerce Multi Currency enables consumers to switch currencies and assists the shop in accepting multi-currency payments. It is possible to set the exchange rate manually or automatically. The plugin may automatically detect the customer's location and display the price in their local currency. 

WooCommerce is a WordPress-based eCommerce plugin; the Multi Currency plugin from Envato, on the other hand, allows WooCommerce users to customise prices for foreign customers. On the Envato Marketplace, it has a total of 7,700 sales. 

According to Ninja Technologies Network (NinTechNet), the problem is a broken access-control vulnerability in Multi Currency version 2.1.17 and lower that affects the “Import Fixed Price” feature. This feature allows eCommerce sites to set custom prices that override the prices calculated automatically from the exchange rate. 

“The import function, import_csv(), is loaded by the wmc_bulk_fixed_price AJAX hook in the “woocommerce-multi-currency/includes/import-export/import-csv.php” script,” according to a NinTechNet analysis on Monday. “The function lacks a capability check and a security nonce, and therefore is accessible to all authenticated users, which includes WooCommerce customers.” 

Cybercriminals could take advantage of the flaw by uploading to the site a specially prepared CSV file containing a product's ID and its price in the current currency. According to the experts, this lets them modify the price of one or more items. A comma-separated values (CSV) file stores data in a tabular format. Most spreadsheet programmes, such as Microsoft Excel or Google Sheets, can open CSV files. They differ from other spreadsheet file types in that they can only contain a single sheet and do not store cell, column, or row formatting. In addition, formulas cannot be saved in this format. 

“The vulnerability is particularly damaging for online shops selling digital goods because the attacker will have time to download the goods,” they said. “It is important to verify every order because the hack doesn’t change the product’s price in the backend, hence the shop manager is unlikely to notice it immediately.” 
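Because the tampered fixed price never touches the backend product price, that backend price is the reference an order audit can use. The following Python script is an added example (not NinTechNet's or the plugin's code) that flags order lines charged far below what the regular price and exchange rate imply; it assumes the shop's base currency is USD, and the catalogue, rates and orders are constructed sample data.

```python
"""Audit WooCommerce orders against the catalogue to catch line items priced far
below what the base price and exchange rate imply, the follow-up check recommended
above. Added example, not NinTechNet's or the plugin's code. Assumptions: the
shop's base currency is USD; catalogue, rates and orders below are constructed."""
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")


@dataclass(frozen=True)
class LineItem:
    order_id: int
    product_id: int
    currency: str
    unit_price: Decimal      # price actually charged, in the order currency
    quantity: int


# Constructed catalogue: product id -> regular price in the base currency (USD).
# The import flaw leaves this backend price untouched, which is why it is the reference.
CATALOGUE = {101: Decimal("49.00"), 102: Decimal("199.00"), 103: Decimal("9.99")}

# Constructed exchange rates from USD; a real audit reads the shop's configured rates.
RATES = {"USD": Decimal("1"), "EUR": Decimal("0.92"), "GBP": Decimal("0.79")}

# Constructed orders: 1001 is normal, 1002 carries a tampered price on a digital item,
# 1003 references a product that is not in the catalogue.
SAMPLE_ORDERS = [
    LineItem(1001, 101, "EUR", Decimal("45.08"), 1),
    LineItem(1001, 103, "EUR", Decimal("9.19"), 2),
    LineItem(1002, 102, "GBP", Decimal("0.01"), 1),
    LineItem(1003, 999, "USD", Decimal("5.00"), 1),
]


def expected_price(product_id, currency, catalogue=CATALOGUE, rates=RATES):
    """Regular price converted into the order currency, rounded to cents."""
    converted = catalogue[product_id] * rates[currency]
    return converted.quantize(CENT, rounding=ROUND_HALF_UP)


def audit_orders(items, catalogue=CATALOGUE, rates=RATES, max_discount=Decimal("0.30")):
    """Return (order_id, product_id, reason) for every line that needs a manual look.

    max_discount is the largest markdown the shop considers legitimate (promotions,
    rounded fixed prices) below the converted price; anything cheaper is flagged."""
    findings = []
    for item in items:
        if item.product_id not in catalogue:
            findings.append((item.order_id, item.product_id, "product not in catalogue"))
            continue
        if item.currency not in rates:
            findings.append((item.order_id, item.product_id,
                             f"unknown currency {item.currency}"))
            continue
        expected = expected_price(item.product_id, item.currency, catalogue, rates)
        floor = (expected * (1 - max_discount)).quantize(CENT, rounding=ROUND_HALF_UP)
        if item.unit_price < floor:
            findings.append((item.order_id, item.product_id,
                             f"charged {item.unit_price} {item.currency}, "
                             f"expected about {expected}"))
    return findings


if __name__ == "__main__":
    for order_id, product_id, reason in audit_orders(SAMPLE_ORDERS):
        print(f"order {order_id} product {product_id}: {reason}")
```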

Patching needs for WooCommerce users have been growing recently. In late August, Envato's WooCommerce Dynamic Pricing and Discounts plugin was found to have two security vulnerabilities that could allow unauthenticated attackers to inject malicious code into websites running unpatched versions. This can lead to a number of attacks, such as redirecting the website to phishing pages, injecting malicious scripts into product pages, and so on.

E-Commerce Theft: Dark Web Card Payment Store ValidCC Shut Down


ValidCC, a dark web market run by a cybercrime group that has been hacking online merchants and stealing payment credentials for more than six years, closed down abruptly last week. Its owners say that a law enforcement operation seized their servers, aiming to take down the store's infrastructure. A number of online shops sell "card not present" (CNP) payment data. Such data is stolen from e-commerce stores, but most shops source it from other cybercriminals and threat actors.  

In the case of ValidCC, however, experts believe that the store itself attacked and hacked hundreds of e-commerce merchants. The hackers seeded websites with hidden card-skimming code that stole personal information and payment credentials when a customer went through checkout. Group-IB, a Russia-based cybersecurity firm, published a report last year describing ValidCC's operations and holding it responsible for hacking around 700 e-commerce stores. Group-IB also identified another group, "UltraRank", responsible for attacking an additional 13 third-party suppliers that provided software components to online stores across Europe, America, and Asia.  

Experts believe that UltraRank orchestrated a series of cyberattacks that cybersecurity firms had earlier attributed to three different cybercrime groups. "Over five years….UltraRank changed its infrastructure and malicious code on numerous occasions, as a result of which cybersecurity experts would wrongly attribute its attacks to other threat actors,” said Group-IB. It adds, “UltraRank combined attacks on single targets with supply chain attacks.” ValidCC's front man on various platforms, a hacker who goes by the handle SPR, notified customers that the shop would shut down on 28 January following a law enforcement operation that ended ValidCC's operations. 

According to SPR, ValidCC lost access to more than 600,000 unsold payment card accounts, a very heavy blow to the store's inventory. ValidCC also lost its proxy and destination servers and can no longer open and decrypt its back end, says SPR. Group-IB reports, "the store’s official representative on underground forums is a user with the nickname SPR. In many posts, SPR claims that the card data sold in the ValidCC store was obtained using JS sniffers. Most of SPR’s posts are written in English, however, SPR often switches to Russian, while communicating with customers. This might indicate that ValidCC is probably managed by a Russian speaker."