Thousands of Small and Medium-sized Businesses Had Their Online Stores Hacked
NCSC Warned Owners of More Than 4,000 Online Stores about Their Websites Being Compromised.
The National Cyber Security Centre (NCSC) in the United Kingdom has issued a warning to the owners of over 4,000 online retailers that their sites had been compromised in Magecart attacks aimed at stealing consumers’ financial information.
As reported by BleepingComputer, the threat actors inject credit card skimmers (also known as payment card skimmers or web skimmers) into compromised online stores in Magecart attacks (also known as web skimming, digital skimming, or e-Skimming) to harvest and steal payment and/or personal information submitted by customers at the checkout page.
Small online retailers are being encouraged to protect their customers and profits from the threat of callous shopping skimmers who could target them on Black Friday and Cyber Monday.
The activity of skimming exploits a vulnerability in software used at the checkout page on shopping sites to divert payments and steal details of unsuspecting customers. The National Cyber Security Centre – a part of GCHQ – proactively identified 4,151 compromised online shops up to the end of September and alerted retailers to these security vulnerabilities.
The majority of the online shops used for skimming identified by the NCSC had been compromised via a known vulnerability in Magento, a popular e-commerce platform.
Retailers are urged to ensure that Magento – and any other software they use – is up to date. The NCSC’s website has guidance on running a secure website, including moving businesses from the physical to the digital.
The attackers will then utilize this information for different financial and identity theft fraud schemes, or sell it on hacking or carding forums to the highest bidder.
After finding the infected e-commerce sites through its Active Cyber Defence program in April 2020, NCSC issued warnings to site owners and small and medium-sized companies (SMEs).
During Black Friday and Cyber Monday, impacted online merchants were advised to keep Magento — and any other software they use — up to date to prevent attackers from breaching their servers and compromising their online stores and customers’ information.
We want small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period.
Falling victim to cyber crime could leave you and your customers out of pocket and cause reputational damage.
It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date.
According to the agency, people who wish to shop online safely this Black Friday should only shop at trustworthy online retailers, use credit cards for online payments, and be wary of suspicious emails and text messages with offers that sound too good to be true.
On Black Friday and Cyber Monday the hackers will be out to steal shoppers’ cash and damage the reputations of businesses by making their websites into cyber traps.
How Can Heimdal™ Help?
When a patch is issued, make sure to deploy it as quickly as feasible in your company to take advantage of its benefits. This is where a Patch and Asset Management Tool may assist you. Our solution supports a wide range of patches, from Microsoft to third-party and proprietary, and what sets us apart is the fastest vendor-to-end-user wait time, which means you’ll have the packed and tested fix ready to deploy in your cloud in less than 4 hours. With an increasing number of employees working from home, an automated Patch and Management solution is becoming increasingly important for any company.