A week ago, RiskIQ researchers revealed that more than 100 online shops had been compromised over the past six months. All of these online shops were found to be injected with malicious JavaScript code that could collect the card data of every user who made a transaction. But as it turns out, that was only the tip of the iceberg.
Willem de Groot, co-founder of byte.nl, a web hosting provider for Magento online stores (among others), has been monitoring the situation for more than a year and says it continues to deteriorate.
In November 2015 he scanned 255,000 online stores from around the world and found 3501 compromised shops. The same scan in September 2016 showed 5925 compromised online shops.
| Date | Compromised stores | Change since November 2015 |
|---|---|---|
| November 2015 | 3501 | |
| March 2016 | 4476 | +28% |
| September 2016 | 5925 | +69% |
According to Willem, of the 3501 online shops found to be compromised in November 2015, 754 still allow data theft.
"Apparently, hackers can skim cards undisturbed for months," de Groot said.
According to Willem, the RiskIQ publication reports on the variety of malicious code they discovered in about 100 stores, but there are also at least 9 other malware varieties on 5900 online shops.
"In addition, I found that in the last 48 hours, another 170 new stores were infected with skimming software."
Who is behind this?
Stolen information is sent to collection servers located mainly in Russia, but that does not mean that the criminals are Russian.
"In 2015, some malware was reported and they were all small variations of the same code base. In March 2016, a different malware was discovered. Today, there are at least 9 varieties and 3 separate families of malware," de Groot said.
"This shows that multiple individuals or groups are involved."
Over time, the attackers have become better and better at obfuscating the theft code, which is why it is difficult to detect.
What to do?
Online shops that have been affected should clean up their websites and disclose the breach to protect their customers. They should upgrade their software regularly to improve their overall security.
"Companies like Visa or Mastercard could revoke the license of transactions from unreliable online shops. It would certainly be much more effective if Google could add the sites that were violated to the Safe Browsing blacklist," says de Groot.
"I have submitted all malware samples to the Google Safe Browsing team, but few of them have been detected so far."