Glasgow-based surfaces manufacturer Rearo Laminates has revealed that it was recently targeted by a “significant” cyber-attack, which saw criminals posing as online customers to place thousands of fictional orders.
It is believed that the suspects were using Rearo’s ordering system in an attempt to validate stolen credit and debit card numbers, which could then be used to buy goods and services elsewhere.
Fortunately, Rearo says it identified the cyber-attack before any orders were dispatched, so the cyber-criminals weren’t able to inflict any damage or cost to the company directly.
The attack was discovered after employees noticed an unusual spike of unsuccessful order transactions numbering in the thousands, all of which were placed over the course of a single weekend.
Rearo’s IT implementation manager Stuart Hutcheson said: “We had processed around 180 orders through our website and enterprise resource planning system, but the cyber-attackers had attempted a staggering 4,800 transactions, which shows the scale of their operation.
“They were clearly attempting to validate credit card number combinations, for use elsewhere. Although their success rate was a mere 8% to 9%, it underscores the gravity of the situation.”
The company has alerted police to the incident, and is now warning other businesses to be on alert for similar attacks.
Hutcheson continued: “They buy data from illegitimate sources and then feed these credit card numbers into an algorithm, attempting to match the correct combinations. This phenomenon is gaining traction. We know of two other businesses that manage online sales that have been affected recently. It’s becoming a more mainstream threat.”
Following the incident, Rearo says that it hopes the incident can serve as a wake-up call for others in the industry and serve as an example of the rising threat of cyber-crime.
“The skills required in this field are constantly evolving and organisations, especially SMEs, must invest in staying ahead of cyber threats,” added Hutcheson. “It’s also important for businesses to raise awareness about cyber security issues among their employees and customers.
“We are planning to provide cyber security training to staff, educating them about data protection, safe online practices, and the importance of securing their own digital lives.”