NCSC issues retail security alert ahead of Black Friday sales
Monday, November 23, 2020
Black Friday, a holiday originally made up by US retailers to entice bargain-hungry shoppers to its malls over the late-November long Thanksgiving weekend, went global in the 2000s alongside the spread of the internet, and it is now also accompanied by the Cyber Monday sales event.
Ilia Kolochenko, founder and CEO of ImmuniWeb, said the risks of online shopping were heightened this year because of the Covid-19 pandemic.
“During the pandemic, many small local shops moved online, without any precautions in terms of security or privacy, let alone compliance,” he said.
“On the dark web, we are observing a growing number of diversified proposals offering access to hundreds of breached and backdoored small e-commerce websites, which may be sold as cheaply as several dollars per website.
“The website owners are obviously unaware of this. Moreover, many cyber gangs patch the vulnerabilities that they exploited to get in, thereby precluding their criminal competitors from taking over the unwitting victim.
“Thus, online shoppers unfortunately cannot do much to secure themselves when the online shop is already compromised.”
One of the most widespread and well-known post-compromised exploitation vectors is Magecart, a credit card skimmer injected into websites that leeches the credit card details of unwitting victims to sell on in underground cyber crime forums.
Unfortunately, said Kolochenko, online shoppers should therefore avoid unknown or small sellers unless they can convincingly demonstrate their security, and perform all online transactions with a dedicated credit card with as small a credit limit as you can stand. Read Full Article
Information Security Buzz: Experts Reacted On News That Micropayments Company Coil Exposed Hundreds Of Customer Email Addresses