UK government security experts have been forced to alert over 4,000 domestically based online businesses that their websites have been infected with digital skimming code.
The UK Government Communications Headquarters (GCHQ) and the National Cyber Security Centre (NCSC) have been forced to inform 4,151 compromised online shops, after most were exploited via a known bug in the popular Magento e-commerce software.
The NCSC argued it was particularly important that digital retailers get their e-commerce security in order ahead of the busy festive shopping period, which begins at the end of this week with the Black Friday weekend.
Falling victim to cyber crime could leave online businesses and their customers out of pocket, potentially causing reputational damage, according to Sarah Lyons, NCSC deputy director for economy and society.
“We want small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period.
“It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up-to-date,” Lyons said.
The compromised sites were found by the NCSC’s highly successful Active Cyber Defence program, which proactively looks to remove malicious sites and tackle scams before they can impact large numbers of consumers.
It resulted in the take-down of 2.3 million cyber-enabled “commodity campaigns” last year, including hundreds of phishing campaigns using NHS branding and scores of malicious apps.
The NCSC’s actions highlight the continued threat from digital skimming groups such as those filed under the umbrella term “Magecart”.
These groups struck global targets frequently in 2019 and 2020, but little activity has been reported this year.
In September 2020, for example, around 2,000 stores running Magento were attacked in a single weekend, the most extensive recorded campaign of its kind until that moment.