Weekly Comments

12 - 18 November 2019

Cyber criminals have started testing their payment card stealing bots ahead of the holiday shopping season.

Cyber criminals have started testing their payment card stealing bots ahead of the holiday shopping season. At least two such carding bots, Canary and Shortcut, have been spotted running carding attacks in September. Canary targets well-known e-commerce platforms in attempts to exploit a potentially large number of users who are using the platform. Meanwhile, Shortcut targets card payment vendor APIs and harvests card details when external services handling payments check the card through the API endpoint. Online retailers may be inadequate to deal with increasing cyber threats as budgets have been spent on improving the e-commerce platform’s ability to receive money rather than on security to safeguard the data. It is believed that organised retail crime could increase in the coming holiday season and perpetrated through various forms such as carding and point-of-sales malware.

References:

PerimeterX Research Team Uncovers Two New Carding Bots: Thousands of E-Commerce Websites Using Top E-Commerce Platforms Potentially at Risk

Cyber(attack) Monday: Hackers Target the Retail Industry as E-Commerce Thrives (PDF)

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence