E-Skimming is on the Rise this Holiday Season

There’s no shortage of cyber threats facing retailers and shoppers this holiday season. The volume and sophistication of cyberattacks have surged, with more consumers shopping online than ever before. Experts predicted that Cyber Monday 2020 was the biggest online shopping day in U.S. history. It is estimated that sales reached $12.7 billion.

With this influx of online shopping, retailers are also seeing a rise in cyberattacks through methods like e-skimming and the targeting of point of sale (POS) systems. E-skimming is a sophisticated attack method where cybercriminals inject JavaScript into payment processing pages on retailers’ sites. The goal is to steal credit card information from unsuspecting customers. Additionally, our researchers at VMware Carbon Black have seen POS malware variants in use across a wide variety of retailers. These attacks rely on the physical swipes of cards. This allows the malware to exfiltrate credit card data along with verification data such as PIN numbers or zip codes.

Cashing in on Holiday Hacking

These types of cyberattacks targeting the retail industry this holiday season have a very low barrier to entry. They are low-cost for attackers, and the stolen data includes all of the necessary details, which cybercriminals can then sell on cybercrime forums. Recent VMware Carbon Black research into dark web forums found swiped credit card information being sold at the low cost of $10-20 per card. Similarly, PayPal accounts are selling for $2-10 each, depending on how much money is in the account. A loaded account comes at a higher price tag.

E-crimes Groups Continue to Grow

Making matters worse, today’s sophisticated attack groups are consistently extending their capabilities and tactics to infiltrate e-commerce applications and avoid detection. This means these activities are occurring without retailers or consumers ever catching wind of them. A recent example of this is Magecart threat actors impersonating legitimate payment applications by way of homoglyph attacks, which fooled victims into visiting malicious websites.

These threats are likely to increase significantly during the holiday season. We must all remain vigilant and employ best practices to stay secure when shopping online. Retailers should take the following four steps:

  1. Secure the integrity of both end-user and POS systems. Maintain the ability to monitor network activity for both preventative and forensic measures in the event of an attack.
  2. Collect, aggregate, and alert on real-time process data from endpoints and POS systems. Additionally, monitor related infrastructure residing within the organization’s network.
  3. One of the most effective measures for POS specifically is baselining behaviors across these systems and implementing a process to identify changes. This data can then be used to identify the deployment of malicious card-skimming POS malware, such as TinyPOS.
  4. Ensure that all applications are up-to-date via patch management and vulnerability prioritization. Be sure to also conduct regular code integrity checks on public-facing e-commerce applications. Implement web application firewalls as an added layer of defense.
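An added example (not from the original post or from VMware Carbon Black) of the code integrity check in step 4, which also flags the homoglyph look-alike hosts described earlier: it audits the `<script>` tags of a checkout page against a baseline. The host names, baseline values, the `audit` and `skeleton` names and the small confusables table are assumptions made for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, constructed baseline; CONFUSABLES is a small Cyrillic-to-Latin subset.
ALLOWED_HOSTS = {"shop.example", "pay.example"}
APPROVED_INLINE = {hashlib.sha256(b"initCheckout();").hexdigest()}
CONFUSABLES = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0445\u0443", "aeopcxy")

def skeleton(host):
    try:
        host = host.encode("ascii").decode("idna")  # xn-- labels back to Unicode
    except UnicodeError:
        pass  # raw Unicode or malformed host: compare it as written
    return host.lower().translate(CONFUSABLES)  # fold look-alikes to ASCII

class ScriptAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._inline = [], None
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if tag == "script" and not src:
            self._inline = ""  # inline script: start collecting its body
        host = urlparse(src or "").hostname  # None for same-origin relative paths
        if host and host not in ALLOWED_HOSTS:
            kind = "lookalike-host" if skeleton(host) in ALLOWED_HOSTS else "unknown-host"
            self.findings.append((kind, host))
    def handle_data(self, data):
        if self._inline is not None:
            self._inline += data
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            digest = hashlib.sha256(self._inline.strip().encode()).hexdigest()
            if digest not in APPROVED_INLINE:
                self.findings.append(("unapproved-inline", digest[:12]))
            self._inline = None

def audit(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; LOOKALIKE is "pay.example" spelled with a Cyrillic "a".
LOOKALIKE = "p\u0430y.example".encode("idna").decode()
SAMPLE = ('<script src="/cart.js"></script><script src="https://pay.example/sdk.js"></script>'
          f'<script src="https://{LOOKALIKE}/sdk.js"></script><script>trackForm();</script>'
          '<script src="https://cdn.unknown.example/t.js"></script><script>initCheckout();</script>')
print(audit(SAMPLE))
```

Run on a schedule against the rendered checkout page, a check like this turns any script host or inline script outside the approved baseline into an alert.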

We will continue to see bad actors target both eager shoppers and retailers this holiday season. With evolving tactics like e-skimming and POS attacks, cybercriminals have their sights set not only on the holiday season but also on continuing to cash in on online shopping. To stay one step ahead of attackers, retailers and consumers must take the necessary precautions to protect against threats. This will help ensure a happy holiday shopping season for all.

Additional Resources:

Tips for consumers to remain vigilant and more secure while online shopping can be found in our blog post: “8 Ways to Avoid the Cybersecurity Grinch This Holiday Season”

Watch my recent interview with Cheddar where I break down the online shopping risks for both retailers and shoppers: “Stay Skeptical to Keep Your Credit Card Info Secure Online, Cybersecurity Expert Says”

Learn more about how VMware Carbon Black can help retail brands stay secure: “How VMware Carbon Black Helps Retail Organizations”


VMware Carbon Black is a leader in cloud-native endpoint protection dedicated to keeping the world safe from cyberattacks. The VMware Carbon Black Cloud consolidates endpoint protection and IT operations into an endpoint protection platform (EPP) that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations. By analysing billions of security events per day across the globe, VMware Carbon Black has key insights into attackers’ behaviours, enabling customers to detect, respond to and stop emerging attacks.

More than 6,000 global customers, including approximately one-third of the Fortune 100, trust VMware Carbon Black to protect their organizations from cyberattacks. The company’s partner ecosystem features more than 500 MSSPs, VARs, distributors and technology integrations, as well as many of the world’s leading IR firms, who use VMware Carbon Black’s technology in more than 500 breach investigations per year.
