The world has witnessed a terrific rise in online shopping ever since the onset of the COVID-19 pandemic. Most businesses around the world switched to online mode, and many did it without sufficient consideration for the security of their network. This opened new doors to uninvited guests on the unsecured networks of retail businesses.
Recent breaches and malware attacks
There have been several cyber incidents where attackers infected online retail stores with some kind of malware. Some of the prominent incidents are:
- Instacart data breach incident: The American grocery delivery company disclosed a data breach incident caused by two of its employees providing tech support services for Instacart shoppers.
- Asda phishing attack: Supermarket shoppers in the U.K. were targeted by a phishing scam running via social networking sites. The attackers were offering gift cards to spend at Asda.
- Paytm Group backdoor and ransomware attack: a cybercrime group ‘John Wick’ uploaded the Adminer” backdoor on the Paytm Mall application, after which it gained unrestricted access to the app’s entire databases.
- Several retail stores and chains were targeted a couple of months back by ransomware actors including NetWalker, REvil, and Doppelpaymer.
Web skimming attacks
- Magecart Group 8 operators were seen using homoglyph techniques for a new credit card skimming campaign, using the ‘Inter’ skimming kit inside of a favicon file.
- In March, some attackers exploited vulnerabilities in the Tupperware website to skim the personal data of customers.
Other threats targeting retail
About three weeks ago, researchers unveiled a phishing campaign by Russian-speaking RedCurl group that is stealing corporate documents from the retail sector as well. Another threat actor recently flooded a hacker forum with databases exposing 386 million user records, stolen from eighteen companies, including retail firms.
The rapid digitization and sudden shift to online shopping have raised various cybersecurity challenges for businesses. Retailers are advised to step carefully into the online world with the proper consultation and guidance of security experts.