Up to 300 UK businesses have been left unable to fulfil orders following a cyberattack on an IT services company. Swan Retail was hit last Sunday, and at the time of writing its servers remain offline.
Swan Retail works in the retail and catering sectors, providing software that handles online ordering, point of sale transactions, stock management and accounting services. An investigation into the attack is underway in cooperation with law enforcement agencies, Action Fraud and the National Cyber Security Centre (NCSC).
Swan Retail cyberattack affects up to 300 customers
A spokesperson for Swan Retail told Tech Monitor that its systems were “accessed by an unauthorised third party” on Sunday.
The company said it informed its internal team and the retailers impacted “as quickly as possible” following the attack and it is currently in contact with law enforcement and a panel of external advisers, including Action Fraud and the NCSC, to launch a full forensic investigation into the breach.
‘Swan has experienced a criminal cyberattack incident causing significant disruption to our services and impacting some of our customers’ businesses,’ a spokesperson for the company told Tech Monitor.
‘We have worked around the clock to resolve this issue and have now begun to resume provision of our online services. We take cybersecurity extremely seriously and continue to liaise with law enforcement on this matter,’ they said.
The type of cyberattack suffered by the vendor has not been disclosed, but the subsequent outage of its services has impacted a range of independent retailers including department stores and garden centres.
Swan Retail has been owned by ClearCourse, a group of technology brands that provides integrated software solutions and an integrated payment platform, since November 2020.
Swan integrates a host of leading online payment services into its platform, one of which has been experiencing cybersecurity issues of its own.
Woocommerce, which was integrated into the Swan Retail System (SRS) in 2018, has been battling a problem in recent weeks, after researchers discovered a vulnerability in a Woocommerce payment plugin for WordPress. Over one million attempts to compromise the plugin have been recorded, with 1.3 million attacks taking place against 157,000 sites in a matter of days following the discovery of the vulnerability on July 14.
It is currently being tracked as CVE-2023-28121, with a severity rating of 9.8 (critical). According to a press release by security vendor Wordfence, the bug is a Woocommerce payments authentication bypass, which “allows unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, which can lead to site takeover.”