Sixth June Fashion Site Hacked to Steal Credit Cards- Comment

It has been reported that French fashion online store Sixth June is offering shoppers more than the latest in apparel as the site was infected with code that steals payment card info at checkout. These types of scripts as MageCart because they initially targeted sites using the Magento e-commerce platform. They are also called e-skimmers because they collect data from a card when it is used for online purchases. Similar to the physical skimmers copying card data when used at an ATM to withdraw cash, an e-skimmer reads and stores the info from the checkout page and sends it to the attacker.

Commenting on this, Yossi Naar, Co-founder and Chief Visionary Officer at Cybereason, said “The Sixth June breach is a stark reminder that no matter how much money organisations throw at security awareness training, improving their overall hygiene and strengthening their IT systems, they will suffer data breaches. In an attempt to at least level the playing field, companies need to immediately pay more attention to post-breach detection and mitigation and assume they will be breached and start protecting their data accordingly. A few simple steps include encrypting all data that is deemed sensitive, limiting employee access to networks and reducing large collections of data in widely accessible systems.

“Often times, enterprises treat their networks like their homes, which naturally are a lot less secure than your average IT network. In my home, I wouldn’t worry about someone stealing my wallet or valuables and walking out the front door. But I wouldn’t leave the wallet or valuable on a chair at an airport. Overall, our actions change when our perception of our environment changes and our understanding of how much trust we put into it. The same applies to detection- I expect airports to have cameras watching everything and every movement- but not inside my home. So if we think of our network as our protected home, we ignore some basic security that should exist there – such as activity monitoring. The post-breach mindset means that we need to start thinking of enterprise networks less like our home and more like airports.”