Venafi released research on the explosion of look-alike domains, which are routinely used to steal sensitive data from online shoppers. Venafi’s research analyzed suspicious domains targeting the top 20 retailers in five key markets: the U.S., U.K., France, Germany and Australia.
With the rise of online shopping, customers are being targeted through look-alike domains. Cyber attackers create these by substituting a few characters in the URLs. Because they point to malicious online shopping sites that mimic legitimate websites, it is difficult for customers to detect the fake domains.
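A defender can screen newly observed hostnames for this kind of character substitution. The sketch below is an added example, not code from the Venafi research; the brand list, the substitution table and the sample hostnames are all constructed for illustration.

```python
import unicodedata

BRANDS = ["examplemart.com", "northwind-shop.co.uk"]   # constructed brand list
# Small constructed subset of visual substitutions, not a full confusables table.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p"}  # Cyrillic
# Constructed observations, e.g. hostnames seen in proxy or certificate logs.
SAMPLES = ["examplemart.com", "examp1emart.com", "exarnplemart.com",
           "ex\u0430mplemart.com", "examplemartt.com", "unrelated-store.org"]

def skeleton(host):
    """Decode punycode labels, then fold look-alike characters to one form."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass                      # leave undecodable labels as they are
        labels.append(label)
    text = unicodedata.normalize("NFKC", ".".join(labels))
    for src, dst in CONFUSABLES.items():
        text = text.replace(src, dst)
    return text

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check(host, brands=BRANDS, max_distance=2):
    """Return (brand, reason) if host imitates a brand, else None."""
    host = host.lower().rstrip(".").removeprefix("www.")
    if host in brands:
        return None                       # the genuine domain itself
    skel = skeleton(host)
    for brand in brands:
        if skel == skeleton(brand):
            return (brand, "confusable characters")
        distance = edit_distance(skel, skeleton(brand))
        if distance <= max_distance:
            return (brand, f"edit distance {distance}")
    return None

def scan(hosts=SAMPLES):
    return {host: check(host) for host in hosts}
```
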
The retail industry’s cybersecurity preparedness continues to lag behind almost every other sector despite efforts by the major credit card associations to bolster retail security via the Payment Card Industry Data Security Standard (PCI DSS).
Third-party risk management firm SecurityScorecard recently analyzed a total of 1,444 domains in the retail industry with an IP footprint of at least 100 and compared the average SecurityScorecard grade of the retail industry to other vertical markets. The exercise showed the retail industry had the second-lowest application security performance among major sectors.
Read more about the findings of the new report on DarkReading.
Earlier this week researchers confirmed a massive payment card skimming scheme operated by Magecart which compromised the online store of broadcaster ABS-CBN; now, the cyberthreat group has claimed a fresh victim in Newegg.
Researchers from RiskIQ, together with Volexity, revealed that California-based retailer Newegg is the latest well-known merchant to succumb to the threat actors. The security firm said in a blog post that a payment skimming scheme has been in operation since August 13.
Read more about the recent activities of hacking group Magecart on ZDNet.
A new malware campaign has been detected which is targeting point-of-sale (PoS) systems across the United States and Europe. Researchers from IBM X-Force IRIS have attributed the attacks to the FIN6 cybercriminal group.
This is only the second time that a campaign has been documented which appears to be the handiwork of FIN6. According to FireEye, the group first emerged in 2016 when it came to light that the threat actors had stolen millions of credit card numbers. That earlier campaign netted the group the details of over 10 million credit cards, each of which was being sold for an average of $21 on the Dark Web.
Read more about the new malware campaign by FIN6 on ZDNet.
An unsecured Amazon Web Services bucket holding personal information and scans of IDs of some 119,000 US and international citizens was found sitting online by Kromtech security researchers earlier this month. The stored data had been stockpiled by Bongo International, a company that specialized in helping North American retailers and brands sell online to consumers in other countries. Bongo was acquired by FedEx in 2014, relaunched as FedEx Cross-Border International, and ultimately shuttered in April 2017.
The AWS bucket, access to which was not secured by a password, contained unencrypted information and ID scans of customers from many different countries around the world. ZDNet trawled through the documents and found scans of drivers’ licenses, national ID cards, work ID cards, voting cards, utility bills, vehicle registration forms, medical insurance cards, firearms licences, US military identification cards, and credit cards that customers used to verify their identity with the FedEx division. To complete the picture about each customer there were US Postal Service forms, holding information such as name, home address, phone number, zip code and handwritten signatures.
Read more about the exposed information and how it was found sitting online in an unsecured Amazon Web Services bucket on Help Net Security.
Cryptocurrency marketplaces, designed to facilitate trading on the full range of digital currencies, are experiencing a range of fraudulent activity. The world of cryptocurrency has moved from being the playground of the criminal underworld to being a prime target for attacks on legitimate transactions, according to the Q4 2017 Cybercrime Report by ThreatMetrix.
Fraudulent new accounts are created using stolen or synthesized identities to set up mule accounts to launder money. Additionally, legitimate accounts are being hacked to make fraudulent payments and transfer cryptocurrency balances out when at their highest value.
The report also revealed an increased volume of attacks originating from Russia, using both automated bots and location spoofing tools. In fact, for the very first time, Russia emerged as a top attack originator, with the majority of incidents targeting ecommerce retailers in the U.S. Key shopping days in Q4 over the holiday season saw up to 2 million bot attacks coming from Russia alone.
Read more about the findings of the Q4 2017 Cybercrime Report by ThreatMetrix on Help Net Security.
A new study by 250ok has revealed that 87.6 percent of the root domains operated by top e-retailers in the United States and European Union are putting their brands and consumers at risk for phishing attacks.
Phishing and spoofing attacks against consumers are most likely when companies don’t have a published Sender Policy Framework (SPF) or Domain-based Message Authentication, Reporting and Conformance (DMARC) policy properly in place. SPF is an email validation system that detects spoofing attempts, in which a third party disguises itself as a certain sender using a counterfeit email address. DMARC is considered the industry standard for email validation to prevent such attacks.
The report, which analyzed 3,300 domains of the top 1,000 US internet retailers and top 500 EU internet retailers by revenue, reveals that the majority of retailers currently use some level of email authentication on their domains. However, many are inconsistent in their approach across all the domains they control, and only 11.3 percent of top US retailer domains and 12.2 percent of top EU retailer domains meet 250ok’s recommended minimum protocol for the email channel: publishing SPF records for all domains; ensuring SPF records are valid and without errors; and publishing a DMARC policy for all domains.
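The three-part minimum described above can be checked mechanically across a domain portfolio. The following is an added example, not 250ok’s methodology or tooling; the domains and TXT records are constructed, and the SPF validation is limited to record count, mechanism names and the top-level DNS-lookup count.

```python
import re

# Constructed TXT records keyed by DNS name; real use would fetch these from DNS.
SAMPLE_TXT = {
    "shop.example": ["v=spf1 include:_spf.mailer.example ip4:192.0.2.0/24 -all"],
    "_dmarc.shop.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop.example"],
    "promo.example": ["v=spf1 mx ~all", "v=spf1 a -all"],   # two SPF records
    "_dmarc.promo.example": ["v=DMARC1; p=none"],
    "parked.example": ["site-verification=constructed"],    # no SPF, no DMARC
}
SPF_MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
DNS_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def spf_errors(txt_records):
    """Return a list of SPF problems for one domain (empty list = valid)."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records"]
    errors, lookups = [], 0
    for term in spf[0].split()[1:]:
        head = re.split(r"[:/]", term, maxsplit=1)[0]
        if "=" in head:                       # modifier such as redirect= or exp=
            name = head.split("=", 1)[0].lower()
        else:                                 # mechanism with optional qualifier
            name = head.lstrip("+-~?").lower()
            if name not in SPF_MECHANISMS:
                errors.append(f"unknown mechanism: {term}")
        lookups += name in DNS_LOOKUP_TERMS
    if lookups > 10:                          # RFC 7208 limit, top-level terms only
        errors.append("more than 10 DNS-lookup terms")
    return errors

def dmarc_policy(txt_records):
    """Return the p= value of the first DMARC record, or None."""
    for record in txt_records:
        tags = dict(t.split("=", 1) for t in record.replace(" ", "").split(";") if "=" in t)
        if tags.get("v", "").upper() == "DMARC1" and "p" in tags:
            return tags["p"].lower()
    return None

def meets_minimum(domain, txt=SAMPLE_TXT):
    """Apply the three checks named in the report summary to one domain."""
    errors = spf_errors(txt.get(domain, []))
    policy = dmarc_policy(txt.get("_dmarc." + domain, []))
    return {"spf_published": errors != ["no SPF record"], "spf_errors": errors,
            "dmarc_policy": policy, "passes": not errors and policy is not None}

def portfolio_passes(domains, txt=SAMPLE_TXT):
    return all(meets_minimum(d, txt)["passes"] for d in domains)
```

A domain such as `promo.example` shows why "published" and "valid" are separate checks: it has SPF and DMARC records, yet two SPF records make SPF evaluation fail.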
Online fraud attempts and general retail transaction volumes increased substantially during the 2017 holiday season, according to new benchmark data from ACI Worldwide. Fraud attempts in the period from Thanksgiving Day to December 31 increased by 22 percent, while the number of overall transactions increased by 19 percent.
Fraud attempt rates were highest on Thanksgiving Day (1.94 percent, up from 1.26 percent in 2016), Christmas Eve (1.78 percent, up from 1.48 percent) and December 21 – the cutoff date for express shipments – (1.67 percent, up from 1.49 percent). The trends driving these peak fraudulent days include shipment cut-off, consumer traffic and buy online pick-up in-store transactions.
Read more about the ACI Worldwide data indicating a significant increase in online fraud during the 2017 holiday season on Security Magazine.
Read Brad Allen’s piece on the clear divide between online adopters and skeptics and how it raises challenges for the retail and financial services industries in the Star Tribune:
When Pat Alexander read about the Equifax data breach, the 58-year-old former computer programmer from Roseville was not surprised. She had seen enough in her 15 years of coding both mainframes and PCs to convince her that nothing online is totally secure. “Technology doesn’t confound me. It just doesn’t impress me,” she explained.