Some of Ontario’s 450 industry-owned retail beer outlets known as The Beer Store have been forced to accept only cash for sales after a cyber attack.
On Thursday morning, the company put out the following tweet: “Overnight, we were subjected to a cyber attack and are following internal response protocols. Some of our locations are operating with cash only.”
The statement doesn’t make it clear if the attack was successful. Nor is it clear if the chain’s point of sale system (POS) or website was attacked. The site offers shoppers the ability to order and pay cases of beer to either be picked up at a store or delivered to a home.
A Beer Store spokesperson couldn’t be reached for comment at press time.
While POS attacks on retailers have been frequent for years, hackers are now infiltrating web pages and e-commerce transaction providers to insert code and skim off payment card numbers. Broadly speaking, these are called Magecart attacks after the gang that is thought to have originated the strategy. One of the most recent victims was the kitchen container manufacturer Tupperware.
It was discovered March 20th by security vendor Malwarebytes and may have started March 9th. The official tupperware[.]com site, which averages close to 1 million monthly visits, as well as a few of its localized versions, were compromised by hiding malicious code within an image file that activates a fraudulent payment form during the checkout process, researchers said.
For the technically-minded, the scam works by having code launch a malicious iframe on top of the legitimate payment page. When a purchaser first enters data into the rogue iframe, they are immediately shown an error, disguised as a session time-out. This allows the threat actors to reload the page with the legitimate payment form. Victims enter their information a second time, but by then, the data theft has already happened.
There was quite a lot of work done on the Tupperware scam, notes Malwarebytes. The fraudsters even copied the session time-out message from CyberSource, the Visa-owned payment platform used by Tupperware. If there was a real timeout, CyberSource would have cancelled the payment form. Malwarebytes has alerted Visa about the problem.
There are several ways an e-commerce page can be compromised by the addition of malicious code, but the most common is the compromise of the password of the administrator(s) of the web pages. This is done either by a brute force attack or by tricking an administrator through a phishing attack to giving up a password. This attack can be defeated by having web site administrators use multi-factor authentication for logins.
David Masson, director of enterprise security for security vendor Darktrace suggested there’s no coincidence that at a time people are shopping more online because of the COVID-19 pandemic nation-states and cybercriminals are taking advantage. “These adversaries thrive in moments of uncertainty and confusion when people are starved for information and at home glued to their computers,” he said in a statement sent to the publication. “The attack on The Beer Store is just the latest example of a cyber attack taking advantage of the current situation – it is certainly not the only, nor the last target. Companies are focused on restructuring workflows and maintaining revenue streams, while IT teams are building out remote work capabilities. If a company sustains a cyber attack that causes even more disruption at this time, it is likely that the business will struggle to recover. ”