Annie - RH-ISAC - Page 8 of 24 Blog

Account Takeover (ATO) remains a persistent challenge in retail and hospitality, with attackers continuously refining their techniques.  Over the past 18 months, 6.2 million accounts have been compromised – including 55,000 in the last month alone. Despite advancements in security, automated bot-fueled attacks continue to bypass traditional defenses, costing businesses billions in fraud-related losses and…

Executive Summary Kaspersky ICS CERT has identified SalmonSlalom, a sophisticated cyber campaign targeting industrial organizations in the Asia-Pacific (APAC) region. The attack employs a multi-stage payload delivery system, utilizing legitimate Chinese cloud services such as Youdao Cloud Notes and myqcloud for hosting and command-and-control operations. The malware framework delivers FatalRAT, a remote access trojan (RAT),…

VIENNA, VA (February 20, 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced the appointment of three new regional vice chairs to strengthen its global engagement and member support. Marnie Wilking, VP and CSO at Booking.com, will serve as Vice Chair for the European, Middle East, and Africa region. Dave…

Executive Summary Proofpoint has identified two new cybercriminal threat actors, TA2726 and TA2727, responsible for web inject campaigns that distribute malware through compromised websites, according to a recently published report. TA2726 and TA2727 actors operate traffic distribution services (TDS) to redirect users to fake update lures, leading to the installation of malware on Windows, MacOS, and…

Executive Summary FortiGuard Labs has identified a new variant of Snake Keylogger, also known as 404 Keylogger, which has been responsible for over 280 million blocked infection attempts worldwide. This malware is designed to steal sensitive credentials by logging keystrokes, accessing browser-stored passwords, and exfiltrating data through SMTP and Telegram bots; targeting Windows users primarily located in…

Executive Summary A recent investigation by Sucuri uncovered a sophisticated credit card skimmer on a Magento-based eCommerce website, leveraging Google Tag Manager (GTM) to inject malicious JavaScript and steal payment details. The malware was hidden within the cms_block.content database table, allowing attackers to discreetly intercept checkout page transactions. Further analysis by Sucuri revealed a backdoor in the…

VIENNA, VA (February 12, 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) has released the full agenda for its upcoming annual Cyber Intelligence Summit, the premier event for cybersecurity professionals working in retail, hospitality, and other consumer-facing industries. Scheduled to take place on 7-9 April in St. Louis, Missouri, the conference…

VIENNA, VA (January 21, 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) is thrilled to announce that Rachel Tobac, renowned cybersecurity expert and CEO of SocialProof Security , will deliver the keynote address at the 2025 RH-ISAC Cyber Intelligence Summit, taking place 7–9 April, 2025, in St. Louis, Missouri. In her…

Executive Summary In early December 2024, Arctic Wolf Labs identified a sophisticated cyberattack campaign targeting Fortinet FortiGate firewall devices. Unidentified threat actors exploited a suspected zero-day vulnerability to gain unauthorized access to the devices’ management interfaces, allowing them to alter firewall configurations and extract credentials using DCSync. Community Impact A successful compromise of FortiGate firewalls in this…

Executive Summary A sophisticated credit card skimmer malware has been discovered targeting WordPress websites, stealthily injecting malicious JavaScript into the site’s database to steal sensitive payment information. This skimmer, designated malware.magento_shoplift.273 by Securi, specifically activates on checkout pages, either by hijacking legitimate payment fields or injecting fake credit card forms. The stolen data, including credit card…