2018 sees major rise in attacks on online retailers

Published on: 27 Nov 2018

Popular online retailers are likely to be prime targets for data-stealing malware for the rest of 2018, according to Kaspersky Lab.

The cyber security software provider detected 9.2 million attempted cyber attacks on online shops during the third quarter of 2018. That marked a dramatic uplift considering there were only 11.2 million attack attempts throughout all of 2017.

Just some of the malware families predicted to be putting a major dampener on the holiday season include Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID and SpyEye, the latter of which is set to be up by a third year on year.

These trojans target well-known e-commerce brands to grab valuable user information, such as logins, passwords, payment details and phone numbers. They seize the data from victims by intercepting input data on target sites, modifying the online page content, and/or redirecting visitors to phishing pages.

More than three million sets of e-commerce credentials were recently spotted for sale on a marketplace easily accessible through a Google search.

Yury Namestnikov, a principal security researcher at Kaspersky Lab, said: “Credential-stealing banking malware is nothing new. However, the existence of families hunting for data related to online shopping accounts is perhaps more unexpected.

“As we come into the busiest online shopping season of the year, we urge consumers and retailers to be extra vigilant about their security, and to check and double check the integrity of websites before entering or downloading any data.”

Photo: William_Potter/iStock