
Security researchers warn of threat to Black Friday sales

CyberInt says attackers are targeting sales season with Magecart card theft malware

The Magecart attacks stole credit card details from legitimate online transactions.

Cybersecurity researchers are warning that criminals are ramping up attacks on online shopping sites, ahead of the Black Friday and Cyber Monday sales later this month.

Security company CyberInt says that a new wave of attacks using the ‘Magecart’ malware and methodology could cost shoppers and credit card companies up to $500m a month.

Magecart was used to hack Ticketmaster and retailer Newegg earlier this year, and CyberInt says that an additional 32,000 smaller online retailers have also been hit with similar tactics, techniques and procedures (TTP) exploiting vulnerabilities in the online commerce platform.

The new malware scrapes data from the online store and commerce pages and uses them to skim shoppers' credit-card details from legitimate online checkout pages. Neither the retailer nor the customers see that anything untoward has occurred.

CyberInt has been tracking the attacks since August - right after the ABS-CBN breach. Based on the expected volume of stolen credit card details, it is safe to assume the organized criminal gangs (OCGs) concerned could be making as much as $11.4 million a month out of these hacks alone, although the cost to their victims is many times more.

The average cost of a card stolen online for the customer and card issuer is almost $1,100. Going by the cases CyberInt identified in one month alone, this indicates that point-of-sale scraping of the 32,000 retailers recently hit could cost customers and card companies roughly $500 million a month, with this figure likely to grow substantially as the shopping season starts in earnest.

Whilst there is no indication as to what those behind the attacks are doing with their huge haul of stolen payment card data, these are often resold and exchanged on a buoyant underground "carding" economy. Credit card details retail on the Dark Web for around $25 each.

"In all the attacks we have monitored, the TTP used by the cybercriminals resemble those used by Russian OCGs," says CyberInt Lead Researcher, Jason Hill.

The reason for the concentration of OCGs inside Russia is that cybercrimes perpetrated on enterprises and individuals outside the country are not prosecuted inside Russia. This has given the OCGs a free hand to develop and deploy sophisticated malware such as Magecart in the run-up to 2018's shopping season.

Investigations into the TTP employed by this threat, such as analysis of the JavaScript payloads used to scrape and exfiltrate data, have allowed the identification of both further victims and the command and control (C2) infrastructure. The differences between these recent activities and those identified in other campaigns suggest multiple threat actors are conducting similar operations.

Given the apparent success of the attacks thus far, it is likely that more clusters of TTP and potential threat actor profiles will continue to evolve.

"CyberInt is doing its best to help avert the threat of a monumental global rip-off of online retailers and the consumers they serve during the coming holiday season, when retailers generally expect to make roughly 40% of their annual sales," says CyberInt CEO Amir Ofek. "Small retailers are particularly vulnerable as they are often a soft target for OCGs. We expect that the number of retailers targeted will continue to grow especially as we head toward the holiday season, an online retail peak."

This month's seasonal sales days, Black Friday (November 23) and Cyber Monday (November 26), are now rapidly drawing retailers and criminals into a neck-and-neck cyber-race. CyberInt is already seeing a rapid escalation in the number of online retailers being targeted by OCGs, who are increasingly using nation-state-style attacks and sophisticated TTPs to create unnoticeable hacks that often sit on the retailers' systems undetected for weeks.

Sophisticated detection and cyber analytics are now the only effective counter-measures for retailers to adopt; targeted threat intelligence, real-time technology, automation, cyber expertise, and holistic digital risk protection will make or break the holiday season for both sides - the retailers and the cybercriminals.
