Retail Cybersecurity Threats Analysis


Cybercriminals are increasingly focusing their attention on thriving markets and enterprises, and the retail industry is no exception. Retail is a common target for hackers who want to steal both money and client information.

Customers are directly responsible for the success of any retail firm, and every incident that negatively impacts customers will have an impact on business. Financial stability is a key component of any business's success, and one of the worst effects of cyberattacks is the unpredictability of financial losses. Retailers have unique financial risks, such as the possibility that an attacker will lower the price of pricey items in an online store. The retailer will lose money if the attack is undetected and the products are sold and shipped at a discounted price.

Card skimmers, unprotected point-of-sale (PoS) systems, unprotected or public Wi-Fi networks, USB drives and other physical hacking equipment, unprotected Internet of Things (IoT) devices, social engineering, and insider threats are all ways that threat actors can gain access to a company once they are physically present on its premises.

Threat actors can also steal or compromise vulnerable IoT devices by using their default configurations or credentials. Last but not least, there are still more potential entry points for cyber infiltration, including inexperienced staff, social engineering, and insider threats.

Potential Threats

Unsecured Point-of-Sale (PoS) Systems and Card Skimmers: It is possible to physically plant fake card readers, or 'skimmers,' inside a store to copy or skim card data. These can also be used for other smart cards, such as ID cards, although they are frequently used to steal credit card information. In places with poor security, like ATMs or petrol pumps, legitimate card readers might have skimmer attachments. Skimmers are simple to install and use Bluetooth to send the data they collect.

Public or Insecure Wi-Fi Networks: Backdoors into a company's systems can be created using rogue networks or access points, which can be attached to a network's wired infrastructure without the administrator's knowledge. They appear to be legitimate Wi-Fi networks in order to trick users into connecting to them, enabling man-in-the-middle attacks. On a public Wi-Fi network without encryption, an attacker can view all file sharing and traffic sent between a user and a server.

Virus-Carrying USB Devices: Once a USB drive is plugged into a target computer, an attacker can use it to deliver and run malware directly on business computers, either manually or automatically. Malicious USB charging stations and cables have also been reported in the past. In one example, a USB charging cable for an electronic cigarette concealed a tiny chip loaded with malware.

Untrained Employees, Social Engineering, & Cyberespionage: Threat actors may operate from physical locations and exploit inexperienced workers to gain access to company systems. Employees are frequently duped into giving up login passwords, account information, or access to company resources through social engineering.

The transition to e-commerce is generally a positive development for retailers. However, this change of direction also poses a threat to e-commerce cybersecurity.


Magecart Allegedly Hacked the Segway Online Store


Researchers discovered an online skimmer on Segway's online store which allowed malicious actors to acquire credit cards and personal information from customers during checkout. 

The store, compromised by a Magecart skimmer, belongs to the company best known for Dean Kamen's invention of the two-wheeled, self-balancing personal transporter; it also makes other personal mobility products.

"While the company doesn't know how Segway's site was hacked, an attacker will normally target vulnerabilities in the CMS system or one of its plugins." "The hostname at store.segway[.]com runs Magento, a major content management system (CMS) utilized by numerous eCommerce sites and a favorite of Magecart threat actors."

The attack was traced to Magecart Group 12 by Malwarebytes researchers, who discovered a web skimmer on Segway's online store (store.segway.com). The Segway store was loading content from a known skimmer domain (booctstrap[.]com), which has been operational since November and has been linked to prior Magecart attacks.

The Magento CMS was utilized to breach the store, and threat actors exploited loopholes in vulnerable versions of the CMS or one of its plugins. The firm also discovered a piece of JavaScript hidden in a file called "Copyright," which isn't harmful in and of itself but periodically loads the skimmer. Anyone analyzing the HTML source code will not see the skimmer because of this method. 

It is also noteworthy that the malicious actors embedded the skimmer inside a favicon.ico file; favicons are the small icon images associated with a site, normally shown in browser tabs and bookmarks. This new approach is becoming increasingly widespread, according to Uriel Maimon, senior director of technological innovations at cybersecurity firm PerimeterX.

"Magecart attackers are getting increasingly inventive with the attempts to avoid detection, especially given the developments in access control over time. Manual code review, static program analysis, and scanners could not have easily spotted the skimmer script hidden behind a favicon claiming to display the site's copyright."

To reduce exposure to these types of attacks, buyers should pay with digital payment services, one-time cards, or tokens with strict charging limits, or simply choose cash on delivery if available. Using an internet security application that identifies and prevents malicious JavaScript from running on checkout pages may also spare you the headache of having your credit card information stolen.
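The two tricks described above (a loader hidden in a "Copyright" script that periodically fetches the real skimmer, and skimmer code parked inside a favicon.ico) leave traces that a defender can look for in the checkout page itself. The scanner below is an added example, not code from the post or from Malwarebytes or PerimeterX. It parses a page's script tags and flags (a) external scripts served from hosts outside an allowlist, (b) inline scripts that fetch an icon- or copyright-named resource and then execute what they received, and (c) inline scripts that re-run such a loader on a timer. The allowlist hosts, the placeholder skimmer host and the sample HTML are all constructed for the example.

```python
"""Heuristic scan of a checkout page for Magecart-style loader patterns.

Added example: the host names, the regexes and the sample page below are
assumptions constructed for illustration, not artefacts from the incident.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the hosts the shop legitimately serves scripts from.
ALLOWED_SCRIPT_HOSTS = {"store.example", "cdn.example"}

# Resource names the post associates with the hidden skimmer.
ICON_OR_COPYRIGHT_RE = re.compile(r"favicon\.ico|copyright", re.I)
# Ways of turning fetched text into running code or a new script tag.
EXECUTE_RE = re.compile(
    r"\beval\s*\(|new\s+Function\s*\(|document\.write\s*\(|"
    r"\.innerHTML\s*=|createElement\s*\(\s*['\"]script", re.I)
TIMER_RE = re.compile(r"setInterval\s*\(|setTimeout\s*\(", re.I)


class _ScriptCollector(HTMLParser):
    """Collect <script src> URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_script, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script, self._buf = True, []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def scan_checkout_page(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return a list of (finding_kind, detail) tuples; empty means nothing flagged."""
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        host = urlparse(src).hostname  # "//host/x" and "https://host/x" both yield host
        if host and host not in allowed_hosts:
            findings.append(("unlisted-script-host", host))
    for body in collector.inline:
        executes = EXECUTE_RE.search(body) is not None
        if executes and ICON_OR_COPYRIGHT_RE.search(body):
            findings.append(("fetch-and-execute-loader", body.strip()[:80]))
        if executes and TIMER_RE.search(body):
            findings.append(("periodic-execution", body.strip()[:80]))
    return findings


# Constructed sample page: one legitimate CDN script, one script from an
# unlisted host, one loader that mirrors the pattern the post describes, and
# one harmless inline script that must not be flagged.
SAMPLE_CHECKOUT_HTML = """
<html><head>
<link rel="icon" href="/favicon.ico">
<script src="https://cdn.example/checkout.js"></script>
<script src="//skimmer-host.invalid/js/jquery.min.js"></script>
<script>
  setInterval(function () {
    fetch('/media/favicon.ico').then(r => r.text()).then(t => new Function(t)());
  }, 60000);
</script>
<script>document.getElementById('total').textContent = '42.00';</script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for kind, detail in scan_checkout_page(SAMPLE_CHECKOUT_HTML):
        print(f"{kind}: {detail}")
```

The heuristics are deliberately coarse: a false positive on a legitimate tag-manager snippet costs a minute of review, while a miss costs card numbers. They complement rather than replace a Content-Security-Policy with an allowlisted `script-src`, which would have blocked the script from booctstrap[.]com outright.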

Threat Actors Stealing Credit Card Details Via e-Commerce WordPress Sites


As the holiday shopping season approaches, threat actors are intensifying their efforts to compromise websites, so administrators should remain vigilant, Sucuri researchers warned. The attackers are now injecting credit card swipers into random plugins of e-commerce WordPress sites to steal customer payment details.

The researchers identified a new technique where threat actors are injecting card skimmers into WordPress plugin files as it avoids the heavily guarded ‘wp-admin’ and ‘wp-includes’ core directories, where most injections are short-lived. 

“The attackers know that most security plugins for WordPress contain some way to monitor the file integrity of core files (that is, the files in wp-admin and wp-includes directories). This makes any malware injected into these files very easy to spot even by less experienced website administrators. The next logical step for them would be to target plugin and theme files.” reads the analysis published by Sucuri.

According to a new Sucuri investigation, threat actors first get into WordPress sites and inject a backdoor into the website for persistence. This means that the attacker can retain access to the site, even if the administrator installs the latest security updates for WordPress and installed plugins. 

The backdoor grabs a list of administrators and abuses their authorization cookie and current user login to access the website. The attackers then add their malicious code to random plugins; Sucuri researchers pointed out that many of the scripts did not use any typical encoding or obfuscation techniques to avoid detection.

Examination of the code revealed references to WooCommerce and multiple undefined variables. The researchers discovered that one of these undefined variables references a domain (array-slice[.]page) hosted on an Alibaba server in Germany, which is strange considering that the infected e-store was operated by a business in North America.

“If you operate an eCommerce website, be sure to be extra cautious during the holiday season. This is when we see attacks and compromises on e-commerce websites at their highest volume as attackers are poised to make handsome profits from stolen credit card details. Make sure to follow best security practices, harden your administrator dashboard and ideally place your website behind a firewall service,” the researchers concluded.
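The Sucuri analysis makes two points a defender can act on directly: integrity monitoring that covers only wp-admin and wp-includes leaves plugin and theme files unwatched, and a backdoor planted for persistence survives WordPress and plugin updates. The script below is an added example, not Sucuri's or WordPress's own code. It builds a SHA-256 manifest of everything under wp-content (plugins and themes included), compares a later manifest against it, and reports added, removed and modified files. The directory layout and file contents in `demo()` are constructed stand-ins for a real install.

```python
"""File-integrity baseline for wp-content/plugins and wp-content/themes.

Added example. Paths, file names and the 'injection' simulated in demo()
are constructed assumptions, not artefacts from the incident.
"""
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map every regular file under root (as a '/'-separated relative path) to its SHA-256."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic walk order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest


def diff_manifests(baseline, current):
    """Classify paths as added, removed or modified between two manifests."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in both if baseline[p] != current[p]),
    }


def demo():
    """Baseline a constructed wp-content tree, simulate an injection, return the diff."""
    with tempfile.TemporaryDirectory() as wp_content:
        plugin = os.path.join(wp_content, "plugins", "shop-helper")
        theme = os.path.join(wp_content, "themes", "storefront")
        os.makedirs(plugin)
        os.makedirs(theme)
        with open(os.path.join(plugin, "shop-helper.php"), "w") as fh:
            fh.write("<?php // constructed plugin file\n")
        with open(os.path.join(theme, "functions.php"), "w") as fh:
            fh.write("<?php // constructed theme file\n")

        baseline = build_manifest(wp_content)  # taken right after a clean install/update

        # Simulate what the article describes: code appended to an existing
        # plugin file, plus an extra file dropped into the plugin directory.
        with open(os.path.join(plugin, "shop-helper.php"), "a") as fh:
            fh.write("// constructed stand-in for injected code\n")
        with open(os.path.join(plugin, "wp-cache.php"), "w") as fh:
            fh.write("<?php // constructed stand-in for a dropped file\n")

        return diff_manifests(baseline, build_manifest(wp_content))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two operational details matter more than the hashing itself: keep the baseline off the web server (a backdoor with administrator rights can rewrite a manifest stored next to the files it protects), and regenerate it only after a legitimate plugin or theme update, so that a change appearing at any other time is treated as an incident rather than noise.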