Over 4,000 Online Retailers Impacted by Software Flaw

The UK’s National Cyber Security Centre (NCSC) has issued a warning noting that a total of 4,151 retailers have been compromised by hackers exploiting vulnerabilities on checkout pages to divert payments and steal card details. The affected retailers have been informed of the vulnerabilities that their customers have been falling victim to over the past 18 months.

According to the warning, the majority of victims were impacted by hackers exploiting known vulnerabilities in the e-commerce platform Magento. When successfully exploited, the vulnerabilities allow an attacker to steal credit card information entered by the customer and possibly redirect payments to attacker-controlled bank accounts.

This is by no means the first time these tactics have been used. In 2019, a massive spike in Magecart attacks was seen that impacted a large number of small to medium enterprises. Likewise, the majority of retailers impacted in the last 18 months have been small to medium enterprises.


Given that many shoppers are preparing to snag Black Friday and Cyber Monday deals over the fast-approaching weekend, the warning issued by the NCSC is particularly timely. NCSC Deputy Director for Economy and Society Sarah Lyons noted,

“We want small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cybercriminals over the peak shopping period...Falling victim to cyber crime could leave you and your customers out of pocket and cause reputational damage...It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date.”

Retailers who use Magento, and Magecart for that matter, can help prevent hackers from exploiting vulnerabilities by ensuring their shopping cart packages are updated to the latest versions. This helps prevent hackers from taking advantage of a software flaw that enables them to turn your clients into victims. The Chancellor of the Duchy of Lancaster Steve Barclay warns,

“On Black Friday and Cyber Monday the hackers will be out to steal shoppers' cash and damage the reputations of businesses by making their websites into cyber traps...It's critical, with more and more trade moving online, to protect your business and your customers by following the guidance provided by the National Cyber Security Centre and British Retail Consortium.”

Retailers can also take several other measures to help protect their customers and their businesses. These include following best practices to keep data safe and embracing new technologies that make it harder to skim card details, whether from online checkout pages or from in-store POS machines.

Technologies readily available to this effect include systems that require multi-factor authentication to verify a purchase. Smart cards, virtual cards, and mobile payment apps can also be integrated to give customers peace of mind.

As with retailers, consumers can also take several easily adopted measures that will improve their security posture. Just as retailers can enable multi-factor authentication, many banks now allow you to do the same, whether by sending a one-time PIN to your mobile number or by prompting you to verify the purchase via a banking app.

A recent article published on Dark Reading also advises the following regarding the rise of QR codes,

“The use of QR codes has also risen during the pandemic, especially among smaller retailers and hospitality venues, as an easy way to place orders and make payments. However, consumers should beware, as QR codes can also direct them to malicious URLs that withdraw funds, capture location details, or link to their social media profiles — all without their knowledge — to steal personal credentials and payment information.”

It is important to remember that online security is a shared responsibility. Consumers have a responsibility to stay cautious about whom they share their data with and how they conduct themselves online, including how they search and pay for those much-prized Black Friday deals.

Equally, retailers have a major responsibility to protect not only their own data and brand, but also the data of the shoppers who rely on and trust those brands. And it is not only cybercriminals looking to commit fraud and data theft that need to be watched out for.

Ransomware Warning

As the United States approaches the Thanksgiving weekend, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning stating that threat actors, and ransomware operators in particular, do not take the holiday off.

The period often involves Americans traveling to see family via highways and airports, and thus relies heavily on the nation’s critical infrastructure. Threat actors understand that many organizations will be thinly staffed during this period, increasing the chances of a successful ransomware attack.

This is not without precedent: the FBI notes that significant attacks were seen over Mother’s Day and Independence Day in the US, showing that attacks timed to coincide with holidays are not out of the ordinary.

To this end, the FBI provides the following mitigation strategies to prevent falling victim over the holidays:

  • Identify IT and security employees who would be available on weekends and holidays to surge in the event of an incident or ransomware attack.
  • Implement multi-factor authentication for remote access and administrative accounts.
  • Mandate strong passwords and ensure they are not reused across multiple accounts.
  • If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
  • Remind employees not to click on suspicious links, and conduct exercises to raise awareness.


About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has over five years of experience working in this field. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about the technical aspects and behavior of various malicious applications.
