More than 300 UK businesses have been left unable to process payments and fulfil orders following a cyberattack on an IT services company. Swan Retail was hit last Sunday, and at the time of writing its servers remain offline.
UK software provider Swan Retail has suffered a cyberattack (Photo by Brendan Moran/Getty Images )
Swan Retail works in the retail and catering sectors, providing software that handles online ordering, point of sale transactions, stock management and accounting services. An investigation into the attack is underway in cooperation with law enforcement agencies, Action Fraud and the National Cyber Security Centre (NCSC).
A spokesperson for Swan Retail told Tech Monitor that its systems were “accessed by an unauthorised third party” on Sunday.
The company said it informed its internal team and the retailers impacted “as quickly as possible” following the attack and it is currently in contact with law enforcement and a panel of external advisers, including Action Fraud and the NCSC, to launch a full forensic investigation into the breach.
The spokesperson said “Swan has experienced a criminal cyberattack incident causing significant disruption to our services and impacting some of our customers’ businesses. We are working around the clock to resolve the issue as well as liaising with law enforcement,” they said.
The investigation is “making good progress”, the company said, but it cannot confirm yet when its services will be back up and running.
The type of cyberattack suffered by the vendor has not been disclosed, but the subsequent outage of its services has impacted a range of independent retailers including department stores and garden centres.
Swan Retail has been owned by ClearCourse, a group of technology brands that provides integrated software solutions and an integrated payment platform, since November 2020.
Swan integrates a host leading online payment services into its platform, many of which have experienced cybersecurity issues over the years.
One of these services, Woocommerce, has been battling a problem in recent weeks, after researchers discovered a vulnerability in a Woocommerce payment plugin for WordPress. Over one million attempts to compromise the plugin have been recorded, with 1.3 million attacks taking place against 157,000 sites in a matter of days following the discovery of the vulnerability on July 14.
It is currently being tracked as CVE-2023-28121, with a severity rating of 9.8 (critical). According to a press release by security vendor Wordfence, the bug is a Woocommerce payments authentication bypass, which “allows unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, which can lead to site takeover.”