A week ago, researchers at RiskIQ revealed that more than 100 online shops had been breached over the past six months. All of these online shops were injected with malicious JavaScript code that could collect the card details of each user who made a transaction. As it turns out, that was only the tip of the iceberg.
Willem de Groot, co-founder of byte.nl, a web hosting provider for Magento online stores (among others), has been monitoring the situation for more than a year and says it continues to deteriorate.
In November 2015 he scanned 255,000 online stores from around the world and found 3501 breached shops. The same scan in September 2016 found 5925 breached online shops.

| Scan date | Breached shops | Change since November 2015 |
| --- | --- | --- |
| November 2015 | 3501 | |
| March 2016 | 4476 | +28% |
| September 2016 | 5925 | +69% |

According to Willem, of the 3501 online shops found to be breached in November 2015, 754 still allow data theft.
"Obviously hackers can crack cards undisturbed for months," de Groot said.
According to Willem, the RiskIQ publication reports on the malicious code variety they discovered in about 100 stores, but there are also at least 9 other malware varieties on 5900 online shops.
"In addition, I found that in the last 48 hours, another 170 new stores were infected with skimming software."
Who is behind this?
The stolen information is, of course, sent to collection servers located mainly in Russia, but this does not mean that the criminals are Russian.
"In 2015, some malware was reported and they were all small variations of the same code base. In March 2016, a different malware was discovered. Today, there are at least 9 varieties and 3 separate families of malware," de Groot said.
"This shows that multiple individuals or groups are involved."
Over time, the attackers have become better and better at obfuscating their theft code, which is why it is difficult to detect.
What to do?
Affected online shops should clean their websites and report the breach to protect their customers. They should upgrade their software regularly to improve their overall security.
"Companies such as Visa or Mastercard could revoke the transaction license of online shops that are not trustworthy. Of course, it would be much more effective if Google could add the breached sites to its Safe Browsing blacklist," de Groot says.
"I have submitted all malware samples to the Google Safe Browsing team, but few of them have been detected so far."