Online credit card skimmers thrive during pandemic

With hundreds of with millions of people sheltering in place and in quarantine around the world due to the novel coronavirus pandemic, and many physical stores temporarily closed, online shopping has become even more of a lifeline. As consumers increase their spending online, criminals who hack websites to digitally “skim” credit card numbers are having a blast.

Digital skimmers – malicious code that hackers inject into legitimate websites to retrieve payment data – were already a potential risk to online shoppers long before the Covid-19 crisis. But just like spikes in scam activity during peak shopping times like Black Friday, the pandemic is creating ideal conditions for more attacks, especially because businesses are distracted and adapting to work. distance. Yonathan Klijnsma, head of threat research at security firm RiskIQ, said the company detected a 20% increase in online skimming activity in March compared to February.

“E-commerce crime increases whenever an event compels or induces people to do more online transactions,” Klijnsma said. “As we all isolate ourselves now and confined to our homes, it means that online shopping will increase and make it a special time for criminals.”

Two recent high profile victims allude to this whirlwind of activity. Researchers from the security company Malwarebytes published results last week about the criminal code they spotted on the Tupperware food storage company website. The attackers had exploited vulnerabilities in the site to inject their malicious module, which then siphoned off credit card numbers and other data while consumers filled out payment forms to make purchases. A week before that, RiskIQ revealed a similar attack on the mixer company NutriBullet, which the company attributed to the notorious digital skimming group Magecart.

RiskIQ first observed the NutriBullet attack in late February, but was unable to contact the manufacturer of the blender. The researchers therefore coordinated with other internet watchdogs to remove the malicious infrastructure behind the March 1 skimming. Since NutriBullet had not fixed the flaws in the website that the hackers had used to gain a foothold, Magecart established a new skimming operation on the site on March 5. Days later, RiskIQ claims that NutriBullet finally appeared to patch vulnerabilities in its website and shut down the skimmer, but Nutribullet’s inactivity made the whole process slow and inconsistent.

Tupperware has proven to be just as difficult for Malwarebytes to contact. While part of this can be attributed to the normal challenges of disclosing security concerns to businesses, Malwarebytes’ threat intelligence manager Jerome Segura points out that the pandemic can create challenges and distractions that still make more difficult for companies to react. security incidents.

“One thing that may be a side effect of what’s going on right now is that the number of people available to view a business website issue is reduced,” Segura said. “Someone I spoke to at Tupperware got mad at me and basically said, ‘I don’t know what to do with what you’re asking me right now. Everyone is working from home, it’s a tough time. “And I said ‘I totally understand, but you have to fix this.'”

Malwarebytes first attempted to notify Tupperware on March 20. The company appeared to remove the malicious skimmer from its site on March 25, the day Malwarebytes released its findings.

“Tupperware recently became aware of a potential security incident involving unauthorized code on our US and Canadian e-commerce sites,” the company said in a statement. “As a result, we promptly launched an investigation, took steps to remove the unauthorized code, and a large data security forensic firm was engaged to assist with the investigation. We also contacted the police. Our investigation is continuing and it is too early. to provide more details. “

Unlike RiskIQ, Malwarebytes has not detected a significant increase in skimming attacks since the rise of the novel coronavirus, but Segura points out that this is in part because the typical baseline for such attacks is already high enough. . And he agrees that it is especially important at this time for users to be aware of the risk and take precautions.


Source link

David A. Albanese

Leave a Reply

Your email address will not be published. Required fields are marked *