Mar 10, 2023

Security Boulevard Community Chats Webinars Library Fullz and Cybercrime: Why the BidenCash Data Dump Matters By Source Defense Data breaches have become a fact of life for organizations across the globe. But for ten countries, including the U.S., Australia, Mexico, and the United Kingdom, the latest leak of more than 2 million credit and debit cards on an underground carding forum has raised the stakes for e-commerce sites when it comes to protecting customer data. On February 28, the operators of the notorious carding marketplace BidenCash released a dataset of 2,165,700 credit and debit cards to commemorate one year of operation. The leak comprised 740,858 credit cards, 811,676 debit cards, and 293 charge cards, according to researchers at global threat intelligence firm Cyble . BidenCash, which purposely leverages the namesake of U.S. President Joe Biden, has been operating for the past year and has become one of the top carding marketplaces on the dark web. But what makes this latest dump of stolen data significant is the completeness of the dataset. A large percentage of the data is what cybercriminals refer to as “Fullz” or a complete and comprehensive data set of personally identifiable information. “Fullz” typically includes: Other personally identifiable information Given the amount of data contained in the BidenCash dump, victims around the world are at a high risk of identity theft and other financial scams. How Did Cybercriminals Obtain the Data? Digital skimming attacks, also known as Magecart attacks, are designed to skim information entered into payment forms on checkout pages before sending data back to a remote computer controlled by attackers. Attackers accomplish this by compromising the third- and fourth-party Javascript code used by nearly all websites to provide things like online shopping carts, forms, analytics, advertising, social sharing, and much more. Nearly 60 million compromised payment card records were posted for sale on dark web platforms in 2022, of which 45.6 million were classified as card-not-present (CNP)—meaning they were harvested during an online eCommerce transaction. The Recorded Future® Magecart Overwatch program discovered 1,520 unique malicious domains involved in the infections of 9,290 e-commerce domains at any point in 2022. Of these, 2,468 eCommerce domains remained actively infected at the close of 2022. This should be no surprise, as many high-profile Magecart attacks went undetected for months and years. Protect Your Brand Before it’s Too Late Sixty-five percent (65%) of e-commerce shoppers say that “experiencing even a single data security breach would prompt them to leave a merchant for good.” As a C-suite executive, you are responsible for everything your company achieves or fails to achieve. The ultimate responsibility for protecting your customer’s data and privacy rests on your shoulders. With digital skimming attacks on the rise, ensuring that your customer’s payment and personal information are protected should be a priority if you want to avoid the dangerous implications of a data breach. Although the immediate consequences of a data breach are a shock to an organization, the full impact can take years to overcome. Companies that suffer a significant breach face ongoing challenges post-incident. These may include: Reputational/brand damage, including challenges with customer retention Legal costs ranging from fines and penalties to class action lawsuits Operational disruption (including staff turnover) A sharp decline in stock price or business valuation/acquisition price Other financial losses including the cost of the breach investigation, restitution, and PR management Loss of market share to competitors Make Digital Skimming a Thing of the Past The Source Defense Client-Side Web Application Security Platform is an all-in-one, single, and scalable system built for complete threat visibility, control, and prevention of client-side attacks. With this one-of-a-kind technology, client-side threats are stopped in their tracks without your teams needing to lift a finger. Source Defense uses a prevention-first approach and real-time JavaScript sandbox isolation and reflection to prevent client-side attacks without alerting analysts. Source Defense creates virtual pages that isolate the 3rd party scripts from the website. The virtual pages are an exact replica of the original ones, excluding what the 3rd parties are not supposed to see. We monitor all 3rd party script activities on the virtual pages. If the activity is within the premise of what they are allowed to do, we will transfer it from the virtual page to the original one. If not, we will keep their activity on the virtual pages isolated from the user and send a report to the website owner, alerting them of the 3rd party scripts violating their security policy. This is as close to ‘set it and forget it’ security and data privacy that you will see on the market. Ultimately, the Source Defense platform offers a simple way to manage the 3rd party risk in your digital supply chain and prevent attacks from the client side.Waiting to act is simply waiting to be attacked. Visibility is the first and most important part of any risk mitigation program. Source Defense is ready to provide you with a free website risk analysis within the next few days. Get moving with the Source Defense team to close this open gap in your eCommerce security