Thursday, Jun 8, 2023

Interpol cautions of tricky 2021 for online shoppers

Cyberthreat Assessment 2021 released by the Interpol, primarily based on data from ASEAN countries but quite reflective of global threats, e-commerce data interception poses an emerging and imminent threat.

By Dennis Marcus Mathew

Updated On - 10:14 AM, Fri - 29 January 21

Interpol cautions of tricky 2021 for online shoppers — Representational Image

Hyderabad: Bought more things online than offline last year? If you haven’t fallen prey to cyber crooks, you are part of a lucky minority, because online shopping platforms have been among the most targeted in the year 2020 which was hit by the pandemic, and is likely to be continued in 2021 as well. Our credit and debit cards are now among the most valuable prizes for cyber crooks.

According to the Cyberthreat Assessment 2021 released by the Interpol, primarily based on data from ASEAN countries but quite reflective of global threats, e-commerce data interception poses an emerging and imminent threat to online shoppers. “Different kinds of malware, such as JavaScript-sniffers in the underground forum, not only enable cybercriminals to launch malicious campaigns against e-commerce platforms with ease, but evolving functionalities also make it even more challenging to detect and investigate,” the report notes.

Interpol says the carding market (the underground bazaar for card data) grew by 116 per cent, from USD 880 million in 2019 to USD 1.9 billion in 2020. The quick growth applies to both textual data (bank card numbers, expiration dates, holder names, addresses, Card Verification Values (CVVs) and dumps (magnetic stripe data). The amount of such textual data offered for sale by criminals increased by 133 per cent, from 12.5 million to 28.3 million cards, while dumps surged by 55 per cent, from 41 million to 63.7 million.

With more businesses shifting their retail shops to e-commerce platforms, there has been an alternative opportunity for cybercriminals to steal large amounts of payment data, including credit card information, it says, adding that cybercriminal groups engaging in JavaScript (JS) card sniffing attacks have slowly spread their operations to target additional platforms.

“With carding information sales proving to be a lucrative business for cybercriminals, JS-sniffers now represent a threat to all online store platforms,” it says, adding that cyber-attacks at online stores were expected to grow. Among other major cyber-threats for 2021, most of which are continuing from 2020, were Business E-mail Compromise campaigns, Phishing, Ransomware, cyber scams and cryptojacking. One emerging but major area of concern was the Crimeware-as-a-Service (CaaS) model, which has always been on the radar of cybersecurity experts. Online reports from cybersecurity websites show that crimeware (malware to automate cybercrime), stolen data and other such saleable items on the Dark Web were increasingly sold as a service.

CaaS has also lowered the entry barrier for new and less technologically proficient cybercriminals, facilitating the flurry of malicious activities and enabling threat actors to carry out sophisticated attacks without the need for advanced technical skills, the Interpol report says.

What is E-commerce data interception?

E-commerce data interception is a type of malware designed to steal customer payment data from online stores. The online equivalent of a credit card skimmer targeting ATM cash machines, a JS-sniffer comes in the form of malicious codes that cybercriminals inject into websites to capture users’ data, such as payment card numbers, names, addresses and passwords.

Also read: