SMBs urged to update software ahead of Black Friday
NCSC identified 4,151 online shops compromised using vulnerability within e-commerce platform Magento
The warning comes after the National Cyber Security Centre (NCSC) identified 4,151 online shops that had been compromised using a vulnerability within the e-commerce platform Magento. With 250,000 clients, the Adobe subsidiary is the third-largest e-commerce system globally, after WooCommerce and Shopify.
NCSC alerted the affected retailers of the vulnerability in late September, with Magento issuing a security patch on 12 October.
All online businesses are being urged to update their software, as the mass shift to e-commerce since the start of the pandemic has caused more customers to shop online than ever before, increasing their risk of falling victim to online scams.
Hence, the NCSC has issued guidance on running a secure website and avoiding threats including skimming, which has been described as “a threat to all retailers” by British Retail Consortium assistant director Graham Wynn.
The trade association has urged “all retailers to follow the NCSC’s advice and check their preparedness for any cyber issues that could arise during the busy end of year period”.
Transforming specialty retail with AI
Future proof your retail business with AIFree Download
NCSC deputy director for Economy and Society, Sarah Lyons, said that the agency wants “small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period”.
“Falling victim to cyber crime could leave you and your customers out of pocket and cause reputational damage. It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date,” she added.
Last year, Check Point’s security researchers observed a sharp increase in the number of phishing exploits in the run-up to Black Friday and Cyber Monday, with phishing emails having increased by over 13 times in early November 2020. In December 2020, RiskIQ security researchers discovered around 37,000 fake retail websites set up to scam holiday shoppers, with 208 domain infringement events containing only “Black Friday,” “Cyber Monday,” “Boxing Day,” or “Christmas”.
Seven steps to connect and empower your frontline workers
How business leaders can improve communication with a secure platformFree download
Create what’s next
The future of collaboration and productivityFree Download
Leveraging the cloud without relinquishing control
Your data. Their cloud.Free download
Re-architecting for nonstop innovation
Unlocking productivity, scalability, and lower costs for cloud nativesFree Download