The purveyor of accessory items, Claire’s, has suffered a cyberattack where card payment details have been stolen after the brand and its sister company Icing were hit by a skimming cyber-attack. The company was forced to shut all of its physical stores in 2018, and now in June 2020, following a ‘magecart’ attack, it has needed to contact customers about online breaches.
According to Sansec, the security research company who identiifed the atatck: “The malware was added to the (otherwise legitimate) app.min.js file. This file is hosted on the store servers, so there is no “Supply Chain Attack” involved, and attackers have actually gained write access to the store code.”
Looking into the cyberattack for Digital Journal Cath Goulding, CISO Nominet explains the implications for e-commerce: “Magecart style attacks have swept through the online retail world, Claire’s is only the most recent following British Airways and Ticketmaster, among others.”
In terms of what happens with such attacks, Goulding explains: “Typically these attacks steal data entered into compromised online payment forms and, in this case, the cyber criminals had registered a malicious domain to appear as the original website but contain the malicious code. Particularly worrying here is the fact that the code was reportedly added to the website in April and remained there until June.”
Timing of such attacks matters as well, as Goulding notes: “This period coincides almost exactly with the height of lockdown measures and consequently many more customers than usual may have been visiting the website. This could have caused a much higher proportion of customers to be affected. ”
In terms of the necessary preventive measures, Goulding recommends: “To avoid these types of attack it is essential for businesses to carefully monitor their network and proactively block suspicious incidents. They should also monitor their website for changes and maintain an inventory of the domains that they own.”
Furthermore: Brands can also monitor for similar domain names to their own, to allow them to more quickly respond if a malicious domain is set up to take advantage of their identity. Finally, for consumers, now is the time to change passwords and keep a close eye on your account. Until Claire’s has done its investigative work, impacted consumers may not be aware that their credentials have been compromised.”