Almost 6,000 online
shops have been compromised by hackers who added specially crafted code that
intercepts and steals payment card details.
These online
skimming attacks were first discovered by Dutch researcher Willem de Groot a
year ago. At that time, he found 3,501 stores containing the malicious
JavaScript code. However, instead of getting better, the situation is
increasingly worse.
Citrix Systems
IT moves to open
workspaces, but not everyone is happy
In an effort to
boost collaboration and attract millennials, even old-school organizations are
tearing
Read Now
By March the number
of infected shops grew by almost 30 percent to 4,476, and by September, it
reached 5,925. More than 750 online stores that were unwillingly skimming
payment card details for attackers in 2015 are still doing so today, showing
that this type of activity can go undetected for months, the researcher said in
a blog post.
De Groot's data
suggests there are multiple groups engaged in online skimming. While in 2015,
there were variants of the same malware code, today there are three distinct
malware families with a total of nine variants.
"The first
malware just intercepted pages that had checkout in the URL," the
researcher said. "Newer versions also check for popular payment plugins
such as Firecheckout, Onestepcheckout, and Paypal."
The malicious code
is obfuscated and is deployed using known vulnerabilities in content management
solutions or e-commerce software that website owners have failed to patch.
What's worse is
that some shop owners don't seem to grasp the seriousness of these issues or
understand their impact. De Groot gives some examples of the worst answers he
has received from companies when he attempted to inform them about the
compromises.
"We don’t
care, our payments are handled by a 3rd party payment provider," one
unnamed shop owner said.
"Our shop is
safe because we use HTTPS," said another.
HTTPS protects
against man-in-the-middle attacks, where the attacker is in a position on the
network to intercept traffic between a user and a server. However, in this
case, the malicious code runs on the server itself and is served over HTTPS, so
it can see whatever information users enter into websites.
As for using a
third-party payment processor, "if someone can inject Javascript into your
site, your database is most likely also hacked," de Groot said.
The good news is
that some shop owners are taking action, with 334 stores fixed in a 48-hour
period. On the other hand, during the same time period, 170 new stores were
hacked.
No comments:
Post a Comment