Thursday, January 23, 2025
HomeCyber Security NewsHackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Published on

SIEM as a Service

Follow Us on Google News

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target e-commerce platforms during the holiday season, which allow attackers to craft convincing phishing emails, replicate legitimate websites, and gain unauthorized access to systems. 

The objective of cybercriminals is to steal sensitive information and financial data from shoppers who are unaware of their activity by taking advantage of vulnerabilities and taking advantage of user trust. 

They are taking advantage of generative AI, specifically models like ChatGPT, to create highly convincing phishing emails designed to mimic legitimate communications from retailers and banks. 

These sophisticated attacks, often themed around holidays or seasonal sales, aim to deceive unsuspecting shoppers into divulging sensitive information such as credit card details.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration 

It highlights the increasing use of sniffing tools, which allow cybercriminals to intercept and steal data during online transactions, further amplifying the threat landscape for online shoppers.

Collection of threats to shopping websites

Cybercriminals are exploiting the holiday shopping season by registering thousands of fake domains mimicking popular e-commerce brands to lure unsuspecting consumers with fraudulent offers. 

They are targeting vulnerable e-commerce platforms like Adobe Commerce, Shopify, and WooCommerce, exploiting weak configurations and outdated plugins. 

Attackers are employing various techniques, including sniffers to steal sensitive customer data and Remote Code Execution (RCE) exploits to gain unauthorized administrative access to these platforms, posing significant risks to both businesses and consumers.

Fake J. Crew shopping site

The darknet has become a thriving marketplace for cybercrime tools and stolen data. FortiGuard Labs has noted an increase in the sale of compromised e-commerce databases, stolen gift cards, and credit card information. 

Phishing kits are being sold at prices ranging from $100 to $1,000, depending on their sophistication and customization options, which enable even less experienced attackers to launch advanced phishing attacks. 

Other tools, such as sniffing and brute-forcing software, are also available on the darknet, further lowering the barrier of entry for cybercriminals.

Trafficker recruitment ad

Businesses today face a myriad of cyber threats, where phishing attacks, data breaches, and financial fraud are common occurrences, often resulting from compromised admin panels, outdated software, and weak security practices. 

Actors with malicious intent take advantage of these vulnerabilities in order to steal sensitive information, disrupt operations, and tarnish the reputation of the brand. 

Shoppers should prioritize online security by verifying URLs, using secure payment methods, avoiding public Wi-Fi, enabling multi-factor authentication, and regularly monitoring financial statements. 

While businesses must enhance their cybersecurity by updating platforms and plugins, conducting vulnerability scans, employing fraud detection tools, educating customers, monitoring domain registrations, and securing admin panels with strong passwords and restricted access.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

Varshini
Varshini
Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Latest articles

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques

CYFIRMA's Research and Advisory team has identified a new strain of ransomware labeled "Nnice,"...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...