Major surf retailer victim of two-week cyber attack

Forget about what might be lurking in the water, one of the world’s largest retailers of surfwear and surf accessories has been hit by a cyber-attack that has lasted 2 weeks. The impact of which is having a big effect on Christmas sales.

Billabong and Quicksilver, both owned by US company Boardrider Inc, was the subject of international hackers who managed to break into the firm’s IT systems, communications, and sales and distribution departments.

Customers are still reporting experiencing problems.

Thanks to the IT teams

In a statement, the parent company says: “Our IT teams have been working to quickly restore our systems to support our operations, which are now largely transacting and shipping normally,’ the company said in the statement.”

“We are proud of how our teams have responded to this challenge, and we are incredibly grateful for their hard work.” Boardrider continued.

Attacks likely to spike

Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, has commented on the spread of attacks on online retailers that happen just before Christmas. He says: “Pre-Christmas attacks against retailers and e-commerces will likely spike by the end of this year. In light of a steady growth of targeted [and successful] ransomware attacks, both in terms of quality and quantity, victims are particularly susceptible to extortion and will almost certainly pay ransom during the hottest sales days of the year.”

He adds: “Growing complexity of IT infrastructure and clouded visibility of digital assets make effective cyber-defense virtually impossible, providing attackers with a multitude of entry points from the Internet via abandoned web applications, forgotten test systems, unprotected cloud storage or just business-critical systems with weak passwords. A lot of organizations underestimate and disregard how many of their corporate passwords are available for sale in the Dark Web. Attackers are well-aware of this low-hanging fruit and run overly successful password re-use and spear-phishing campaigns. Worse, such attacks are pretty complicated to detect and often remain unnoticed by the victims.”

How to avoid problems

In his advice, Kolochenko suggests that customers should be aware of suspicious offers and activities.

“Holistic visibility of your digital assets, continuous security and anomaly monitoring combined with a third-party risk management can negate most common attack vectors deployed by cybercriminals in a modern threat landscape. Customers who prefer online shopping shall be cautious to any abnormal activities, ignore offers that are too good to be true and preferably have a dedicated credit card for e-shopping with alerts by SMS about every transaction.” The Immuniweb CEO adds.

This breach follows recent news that according to the Office of the Privacy Commissioner of Canada (OPC), over 28 million Canadians have been affected by data breaches in the last year.