Group-IB : payment data of thousands of customers of UK and US online stores could have been compromised




Moscow, 14.03.2019 – Group-IB, an international company that specializes in preventing cyberattacks, has uncovered a malicious code designed to steal customers’ payment data on seven online stores in the UK and the US. The injected code has been identified as a new JavaScript Sniffer (JS Sniffer), dubbed by Group-IB as GMO.

Group-IB Threat Intelligence team first discovered the GMO JS Sniffer on the website of the international sporting goods company FILA UK, which could have led to the theft of payment details of at least 5,600 customers for the past 4 months.

Do your payments have the sniffles?

Most recent breaches similar to this include British Airways and Ticketmaster which were first analyzed by RiskIQ research team, where cybercriminals managed to compromise personal information of thousands of travelers and concert goers with a few of lines of code. British Airways and Ticketmaster websites were infected with JS Sniffers, a type of malicious code injected into a victim’s website designed to steal a consumer’s personal data including payment card details, names, credentials etc.

FILA UK website (fila.co[.]uk) became cybercriminals’ new major target on the UK market . GMO JS Sniffer has also been discovered on 6 other websites of US-based companies. This type of attack is especially dangerous given that it can be applied to almost any e-commerce site around the world. Group-IB made multiple attempts to alert FILA, which was known to be impacted by GMO. Six other websites affected by this JS Sniffer were notified upon discovery as well. Group-IB team has also reached out to local authorities in the UK and the US to conduct outreach.

Group-IB’s Threat Intelligence team first discovered GMO on the FILA UK website. The malicious code was detected in early March 2019. In the course of further research it was revealed that GMO JS Sniffer has presumably been collecting customer payment data since November 2018. According to Alexa.com, the number of fila.co[.]uk unique monthly visitors is estimated at around 140k per month.

According to IRP, UK market research firm, a minimum conversion into purchase for fashion and clothing ecommerce is equal to 1%. Using very conservative estimates, payment and personal details of at least 5,600 customers could have been stolen by cybercriminals – everyone who has purchased items on fila.co.uk since November 2018 has potentially had their details compromised. Typically, after customer data is stolen, it is usually resold on underground cardshops. Another scheme of cashing out involves the use of compromised cards to buy valuable goods, e.g. electronics, for onward sale.


Infamous North Korean Hacking Group Steals $571 Million in Cryptocurrency


The North Korean Hacking Group, Lazarus has managed once more to embezzle more than a billion dollars in cryptocurrency. The group has purportedly done such sorts of thefts since January 2017, amassing an enormous $571 million from the attacks. This was in accordance with an article published on Friday by The Next Web as well as the coming yearly report from the cybersecurity vendor Group-IB.

The claims made by some South Korean officials in February express that the North Korean hackers likely stole millions of dollars' worth in cryptocurrency in the year 2017.

Since the beginning of last year, the greatest contribution that could be made in hacking outfits has been done by Lazarus, which stole $571 million in cryptocurrency. Their greatest plunder - $534 million originated from a solitary attack led earlier in January 2018.

As indicated by the eminent cybersecurity unit Group IB the hacking outfits are more acclimated with utilizing techniques extending from spear phishing to social engineering and malware introduction to compromising cryptocurrency exchange networks.

"After the local network is successfully compromised, the hackers browse the local network to find work stations and servers used working with private cryptocurrency wallets," says the summary of an annual report prepared by the unit detailing the situation of hi-tech cybercrime trends across the globe. It also indicates that $882 million in cryptocurrency was stolen from exchanges in total from 2017 to 2018.

Massive phishing groups, as the report stated, are exploiting the users' fear of missing out a major opportunity, baiting them to invest their resources into unauthentic projects on knockoff websites.
Group IB additionally states that the quantity of attacks focusing on crypto trades is probably going to rise further, with hackers of more conventional financial institutions, like the banks are being attracted to the space looking for enormous increases.

All the more worryingly, these thefts are prognosticated to increment similarly as with time, more and more aggressive hacking groups are likely to move towards cryptocurrency.