Cybersecurity Insights

Duncan Slater

“Mind the Gap” – As a Small eCommerce Business, Who is Responsible for Your Security?

26/05/17 14:08

 

Major corporations spend hundreds of thousands of pounds and in some cases employ teams of people dedicated to manage and ensure the security of their environment.  But as a small eCommerce merchant, who is responsible for the security of your environment?  In most cases, small eCommerce businesses elect to outsource all of their website’s development to professionals specialising in eCommerce environments, but should the developers be responsible for the cybersecurity as well as the development and management of the environment? 

Read More
Kirsty Trainer

New survey shows 78% of eCommerce websites at risk

11/04/17 12:03
  • 47,000 out of 60,000 websites missing critical security patches
  • Over 3,000 are already hacked and losing customer data now

External security scans performed on 60,000 Magento websites show that 78% are missing critical security patches, while 5% are confirmed to have payment card data harvesting malware stealing their customer details. 

Read More
Benjamin Hosack

Malware Alert: New POS Malware - TinyPOS

01/04/16 07:00

In the UK we don’t often come across brand new POS malware, presumably as we are in a Chip & PIN market, so the “return” for attackers on deploying such technology is limited. Last week though, we did come across what appears to be a new sample that we’re calling TinyPOS.

Read More
Kirsty Trainer

Malware Alert: Asymmetric Crypto Malware Dropper

29/01/16 11:55

In a previous article (Mage.jpg Malware Derivative) we discussed an interesting evolution we were seeing in the eCommerce security arena, that of asymmetric encryption techniques being used to obfuscate harvested payment card data. This is something that became prevalent many years prior with binary malware created for brick and mortar compromises.

The use of asymmetric encryption techniques makes the role of a digital forensic analyst somewhat tricker as we cannot (generally) provide any empirical insight into the contents of the harvest files. As such, the details of the exposure have to take a "worst case" approach which generally impacts the victim's organisation detrimentally.

Read More
Kirsty Trainer

Magento Malware Alert: Malicious Client Side Javascript

02/12/15 16:55

Much has been made of the Magento Shoplift vulnerability and we have certainly seen a notable uplift in Magento related investigations on the back of it. A trend that we have observed involves a variation to the Shoplift attacks, designed to steal payment card data from outsourced payment models - such as iframes as provided by all major payment processors.

Read More
Duncan Slater

“Mind the Gap” – As a Small eCommerce Business, Who is Responsible for Your Security?

26/05/17 14:08

 

Major corporations spend hundreds of thousands of pounds and in some cases employ teams of people dedicated to manage and ensure the security of their environment.  But as a small eCommerce merchant, who is responsible for the security of your environment?  In most cases, small eCommerce businesses elect to outsource all of their website’s development to professionals specialising in eCommerce environments, but should the developers be responsible for the cybersecurity as well as the development and management of the environment? 

Read More
Kirsty Trainer

New survey shows 78% of eCommerce websites at risk

11/04/17 12:03
  • 47,000 out of 60,000 websites missing critical security patches
  • Over 3,000 are already hacked and losing customer data now

External security scans performed on 60,000 Magento websites show that 78% are missing critical security patches, while 5% are confirmed to have payment card data harvesting malware stealing their customer details. 

Read More
Benjamin Hosack

Malware Alert: New POS Malware - TinyPOS

01/04/16 07:00

In the UK we don’t often come across brand new POS malware, presumably as we are in a Chip & PIN market, so the “return” for attackers on deploying such technology is limited. Last week though, we did come across what appears to be a new sample that we’re calling TinyPOS.

Read More
Kirsty Trainer

Malware Alert: Asymmetric Crypto Malware Dropper

29/01/16 11:55

In a previous article (Mage.jpg Malware Derivative) we discussed an interesting evolution we were seeing in the eCommerce security arena, that of asymmetric encryption techniques being used to obfuscate harvested payment card data. This is something that became prevalent many years prior with binary malware created for brick and mortar compromises.

The use of asymmetric encryption techniques makes the role of a digital forensic analyst somewhat tricker as we cannot (generally) provide any empirical insight into the contents of the harvest files. As such, the details of the exposure have to take a "worst case" approach which generally impacts the victim's organisation detrimentally.

Read More
Kirsty Trainer

Magento Malware Alert: Malicious Client Side Javascript

02/12/15 16:55

Much has been made of the Magento Shoplift vulnerability and we have certainly seen a notable uplift in Magento related investigations on the back of it. A trend that we have observed involves a variation to the Shoplift attacks, designed to steal payment card data from outsourced payment models - such as iframes as provided by all major payment processors.

Read More