Cyber criminals have started testing their payment card stealing bots ahead of the holiday shopping season. At least two such carding bots, Canary and Shortcut, have been spotted running carding attacks in September. Canary targets well-known e-commerce platforms in attempts to exploit a potentially large number of users who are using the platform. Meanwhile, Shortcut targets card payment vendor APIs and harvests card details when external services handling payments check the card through the API endpoint. Online retailers may be inadequate to deal with increasing cyber threats as budgets have been spent on improving the e-commerce platform’s ability to receive money rather than on security to safeguard the data. It is believed that organised retail crime could increase in the coming holiday season and perpetrated through various forms such as carding and point-of-sales malware.
References:Cyber(attack) Monday: Hackers Target the Retail Industry as E-Commerce Thrives (PDF)
More Weekly Cyber Newsanalysis and insights
Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.
Ensign Systems Integration
Architecting and implementing cybersecurity solutions that bolster defences
Ensign Managed Security Services
Managing your security operations for advanced threat detection, continuous monitoring, and triage services