Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Online Retailers. Show all posts
Online Retailers
Cyber Attacks Cyber Breaches Cyber Security Ransomware Attacks cybercriminals Cybersecurity In Retail Cybersecurity Precautions Hacker attack Online Retailers

Retail Cyberattacks Surge as Service Desks Become Prime Targets

 

In recent months, reports of retail data breaches have surfaced with alarming frequency, showing that both luxury and high-street retailers are under relentless attack. During the second quarter of 2025, ransomware incidents publicly disclosed in the global retail sector rose by 58 percent compared with the first quarter, with businesses in the United Kingdom facing the worst consequences. The outcomes of such breaches vary, but the risks are consistently severe, ranging from loss of revenue and service disruptions to long-term reputational damage. 

One recent example that highlights this growing threat is the cyberattack on Marks & Spencer (M&S), one of Britain’s most recognized retailers. Employing over 64,000 people across more than 1,000 stores, M&S reportedly fell victim to hackers believed to be part of the group Scattered Spider. The attackers infiltrated the company’s systems in February, deploying ransomware that encrypted vital infrastructure and severely disrupted operations. By impersonating employees, the cybercriminals manipulated IT help desk staff into resetting passwords and turning off multi-factor authentication. This gave them access to internal systems, where they stole a file containing password hashes from Active Directory. The fallout was severe, including a five-day suspension of online sales that cost an estimated £3.8 million per day, along with a drop of more than £500 million in market value. 

The method used against M&S was not unique. Similar techniques were applied in attacks on other UK retailers, including Co-op and Harrods. In the case of Co-op, attackers also pretended to be employees to trick IT staff into granting them access. Although Co-op managed to prevent the full deployment of ransomware by shutting down parts of its infrastructure, the company still faced major operational disruption, proving that even partial breaches can have wide-reaching effects. 

The common thread in these cases is the vulnerability of service desks. These teams often have privileged access to systems, including the ability to manage user accounts, reset credentials, and disable authentication tools. Their focus on quick support and customer service can leave them more exposed to sophisticated social engineering tactics. Because they are frequently overlooked in broader cybersecurity strategies, service desks represent a weak point that attackers are increasingly exploiting. 

To address this issue, organizations must shift their approach from reactive to proactive defense. Service desks, while designed to solve problems efficiently, need to be supported with advanced training, strong verification procedures, and layered defenses that reduce the likelihood of manipulation. Investing in security awareness, modern authentication practices, and continuous monitoring of unusual account activity is now essential. 

The rise in attacks on retailers like M&S, Co-op, and Harrods demonstrates that hackers are targeting service desks with growing precision, causing significant financial and operational harm. These incidents show the urgent need for companies to reassess their cybersecurity strategies, placing greater emphasis on the human element within IT support functions. While organizations cannot control who attackers choose to target, they can strengthen their defenses to ensure resilience when confronted with such threats.
Read more »
Online Retailers
Card Skimming Data Breach HTML Magecart Malicious actor Online Retailers

Credit Cards Were Forged from a Prominent e-Cigarette Store

 

Since being breached, Element Vape, a famous online retailer of e-cigarettes including vaping kits, is harboring a credit card skimmer on its website. In both retail and online storefronts in the United States and Canada, this retailer provides e-cigarettes, vaping equipment, e-liquids, and Synthetic drugs.
 
Its website Element Vape is uploading a potentially Malicious file from either a third-party website that appears to be a credit card stealer. Magecart refers to threat actors who use credit card cybercriminals on eCommerce sites by infiltrating scripts. 

On numerous shop webpages, beginning with the homepage, a mystery base64-encoded script may be seen on pages 45-50 of the HTML source code. For an unknown period of time, the computer worm has so far been present on ElementVape.com. 

This code was gone as of February 5th, 2022, and before, according to a Wayback Machine review of ElementVape.com. As a result, the infection appears to have occurred more recently, probably after the date and before today's detection. When decoded, it simply fetches the appropriate JavaScript file from a third-party site :

/weicowire[.]com/js/jquery/frontend.js

When this script was decoded and examined, it was apparent – the collection of credit card and invoicing information from clients during the checkout. The script looks for email addresses, payment card details, phone numbers, and billing addresses (including street and ZIP codes). 

The attacker acquires these credentials via a predefined Telegram address in the script which is disguised. The code also has anti-reverse-engineering features which check if it's being run in a sandbox or with "devtools" to prevent it from being examined.

It's unclear how the backend code of ElementVape.com was altered in the first place to allow the malicious script to enter. Reportedly, this isn't the first instance Element Vape's security has been breached. Users reported getting letters from Element Vape in 2018 indicating the company had a data breach so the "window of penetration between December 6, 2017, and June 27, 2018, might have revealed users" personal details to threat actors. 
Read more »
Threat actors
Magecart Magento malware Online Retailers PHP Code Injection Threat actors

Several Magento Sites were Targeted by a Surge of MageCart Attacks

 

A large number of online stores using the Magento 1 e-commerce system were targeted by a web skimmer, according to Sansec, an eCommerce security consultancy. 

The crawler detected roughly 374 infections in a single day, indicating an onslaught. The infection was downloaded from the domain naturalfreshmall[.]com, which is presently offline. The threat operators' purpose was to steal credit card information from consumers at the targeted online retailers.

An attacker often uses a security flaw in the Quickview plugin to insert rogue admin users into susceptible Magento stores as the initial intrusion vector. Under this scenario, however, the flaw was exploited to add a default value resulting in the database being updated with a file carrying a simple backdoor. By just surfing the Magento login page, the validation requirements for prospective consumers would be used to initiate the code execution. 

By implementing a default value to the customer_ eav_attribute table, misuse is possible. The host app is tricked into creating a malicious entity, which is then utilized to generate a basic backdoor (api 1.php). As per Sansec, the intruders installed 19 backdoors on the hacked system, which means the affected sites must remove all of them to avoid being targeted in future attacks.

Although thousands of merchants continue to use it, the Magento 1 platform has hit End-of-Life, and Adobe no longer provides security upgrades for the same. As a result, the sites are accessible to a wide range of cyberattacks, putting the clients' sensitive information at risk. These details usually include credit card numbers, mailing addresses, names, phone numbers, and email addresses, as well as anything else required to complete an online order.

All Magento administrators should make sure it is running the most current edition of the platform and upgrade if it is on an older, unsupported version.
Read more »
User Security
Credential Stuffing Attacks Cyber Attacks Online Retailers User Security

Proxy Phantom Employs Automated Credential Stuffing Technique to Target Online Retailers

 

Cybersecurity researchers have exposed a massive fraud operation that targets e-commerce companies in account takeover attacks. 

Sift, a fraud prevention firm announced on Thursday that the hacker ring, dubbed Proxy Phantom, is employing over 1.5 million sets of stolen account credentials in automated credential stuffing assaults against online retailers.

Credential stuffing attacks usually depend on a large number of stolen or leaked credentials-username and password pairs-for one website and tests them on the login pages of other websites. The attacker’s motive is to secure unauthorized access to as many user accounts as possible and then carry out other assaults or fraudulent schemes. 

According to the estimation of Sift’s researchers, only 0.1% of credential stuffing assaults are successful. However, given the low success rate, you can attempt thousands of account combinations at the same time, these attacks can still be useful – particularly when employed against businesses or financial services.

Proxy Phantom "flooded businesses with bot-based login attempts to conduct as many as 2,691 login attempts per second,” as per Sift's Q3 2021 Digital Trust & Safety Index. Scammers also employed connected and rotating IP addresses to make the queries appear to stem from different geographical areas and primarily targeted e-commerce platforms and online services.

"As a result, targeted merchants using rules-based fraud prevention methods would be forced to play a supercharged, global game of "whack-a-mole," with new combinations of IP addresses and credentials (likely purchased in bulk on the dark web) coming for them at an unthinkable pace," Sift stated.

The study further reports that account takeover attacks identified by the company jumped by 307% over Q3. Specifically, the financial sector is a top target, including cryptocurrency exchanges and digital wallet services. 

Earlier this month, Netacea, a UK-based software firm released an index documenting the actions of scalper bots. These automated systems are manufactured to defeat online queues for high-ticket products like concert tickets and gaming consoles in order to resell and generate a profit for their operators.

 “Fraudsters will never stop adapting their techniques to overwhelm traditional fraud prevention, making suspicious logins look legitimate, and legitimate ones look suspicious. At the same time, poor consumer security habits—like reusing passwords for multiple accounts—make it easy and continue to breathe life into the fraud economy,” stated Jane Lee, trust and safety architect at Sift. 

“To proactively secure customer accounts and fuel expansion into new markets, merchants need to adopt a Digital Trust & Safety strategy to stop these advanced attacks before they shatter consumer loyalty and stifle growth,” she added.
Read more »
Subscribe to: Comments (Atom)