Claire’s Magecart hit is a serious cyber attack (Includes interview)

The purveyor of accessory items, Claire’s, has suffered a cyberattack in which card payment details were stolen, after the brand and its sister company Icing were hit by a skimming attack. The company was forced to shut all of its physical stores in 2018, and now in June 2020, following a ‘magecart’ attack, it has needed to contact customers about online breaches.

According to Sansec, the security research company that identified the attack: “The malware was added to the (otherwise legitimate) app.min.js file. This file is hosted on the store servers, so there is no “Supply Chain Attack” involved, and attackers have actually gained write access to the store code.”

Looking into the cyberattack for Digital Journal, Cath Goulding, CISO of Nominet, explains the implications for e-commerce: “Magecart style attacks have swept through the online retail world, Claire’s is only the most recent following British Airways and Ticketmaster, among others.”

In terms of what happens with such attacks, Goulding explains: “Typically these attacks steal data entered into compromised online payment forms and, in this case, the cyber criminals had registered a malicious domain to appear as the original website but contain the malicious code. Particularly worrying here is the fact that the code was reportedly added to the website in April and remained there until June.”

Timing of such attacks matters as well, as Goulding notes: “This period coincides almost exactly with the height of lockdown measures and consequently many more customers than usual may have been visiting the website. This could have caused a much higher proportion of customers to be affected.”

In terms of the necessary preventive measures, Goulding recommends: “To avoid these types of attack it is essential for businesses to carefully monitor their network and proactively block suspicious incidents. They should also monitor their website for changes and maintain an inventory of the domains that they own.”

Furthermore: “Brands can also monitor for similar domain names to their own, to allow them to more quickly respond if a malicious domain is set up to take advantage of their identity. Finally, for consumers, now is the time to change passwords and keep a close eye on your account. Until Claire’s has done its investigative work, impacted consumers may not be aware that their credentials have been compromised.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
