The founder and CEO of web security company ImmuniWeb, Ilia Kolochenko, said the breach was “one more sharp reminder” about the risks of supply-chain attacks from third parties and the cloud. Tripwire VP Tim Erlin agreed, adding that while offloading work for processing transactions is an investment in convenience and security (in theory), the concentration of credit card data in one place makes providers like Volusion an “attractive target”.

In order to make sure you provide a customer experience worthy of inspiring loyalty, there are a few mistakes you need to be careful to avoid. It’s all too easy to lose a customer’s trust after the sale.

“In the calculation of the attacker, it’s a question of when, not if, an attack is coming after the ratio crosses a certain point,” Curry said. “If moving to the cloud made you more secure - or made you more expensive to break - then being in a cluster with other valuable targets will make the other part of the equation go up too.”

While moving to a cloud service provider may make a business more secure, Cybereason’s Chief Security Officer, Sam Curry, said customers must also consider “cost to break” as the best measure of practical security.

However, compromising cloud providers such as Volusion, as well as third-party apps, widgets and ads, can provide access for malicious code to be injected. The majority of Magecart attacks target self-hosted and outdated online shops, which aren’t sufficiently protected. While these attacks have been ongoing for several years, ZDNet reports they have “intensified” in the last few years, citing a RiskIQ report that claimed to have spotted ‘skimmers’ or card-stealing scripts on more than 18,000 websites in the last few months. The discovery has been regarded as a ‘classic’ Magecart supply-chain attack, where hackers ‘skim’ credit card data from online checkouts.
Once there, they were able to modify a JavaScript file so that it included surreptitiously injected malicious code that logs details entered in online forms, enabling the collection of payment data entered at checkout. The researcher claims to have found the issue while toy shopping.

In a Medium post (entitled ‘How the cookie monster is stealing credit card info’), Afrahim explained how hackers gained access to Volusion’s Google Cloud infrastructure. The incident was discovered by Marcel Afrahim, a researcher of endpoint security and malware, who unexpectedly uncovered the code while browsing the Sesame Street online store.

“When hackers are able to breach cloud-based platforms - like Volusion in this case - they gain access to a huge amount of data sets by targeting hundreds of stores with a single attack.” Wherever they’re stored, payment card details are “extremely valuable data sets for fraudsters,” he said. “The times of ‘we are just a small store – hackers won’t target us’ are over,” said Comforte AG’s Product Manager, Felix Rosbach, on the news.

One of the more notable victims was the official Sesame Street online store, where an online researcher discovered the issue, alongside small retailers of goods such as laptop batteries, vaping supplies, and jewelry. ZDNet published a link to the full list of 6,593 sites that had been breached. Shoppers have spent more than US$28 million in transactions via the solution, making more than 185 million orders.