More than 5000 online shops with malicious code

A week ago, researchers at RiskIQ revealed that more than 100 online shops had been compromised over the past six months. All of these online shops were found injected with malicious JavaScript code that could collect the data of every user who made a transaction. As it turns out, however, that was only the tip of the iceberg.

Willem de Groot, co-founder of byte.nl, a webhosting provider for Magento online stores (among others), has been monitoring the situation for more than a year and, as he says, it continues to deteriorate.

In November 2015 he scanned 255,000 online stores from around the world and found 3501 compromised shops. The same scan in September 2016 showed 5925 compromised online shops.

November 2015: 3501
March 2016: 4476 (+28%)
September 2016: 5925 (+69%)

According to Willem, of the 3501 online shops found to be compromised in November 2015, 754 still allow data theft.

"Obviously hackers can crack cards undisturbed for months," de Groot said.

According to Willem, the RiskIQ publication reports on a variety of the malicious code, which they discovered in about 100 stores, but there are at least 9 more varieties in 5900 online shops.

"Furthermore, I discovered that in the last 48 hours, another 170 new stores were infected."

Who is behind this?

The stolen information is, of course, sent to collection servers located primarily in Russia, but this does not mean that the criminals are Russians.

"In 2015, some malware was reported and they were all small variations of the same code base. In March 2016, a different malware was discovered. Today, there are at least 9 varieties and 3 separate families of malware," de Groot said.

"This shows that multiple individuals or groups are involved."

Over time, the attackers have become better and better at obfuscating the data-theft code, which is why it is hard to spot.

What to do?

Affected online shops should clean their websites and report the breach to protect their customers. They should upgrade their software regularly to improve their overall security.

"Companies such as Visa or Mastercard could withdraw the transaction license from online shops that are not reliable. Of course, it would be much more effective if Google could add the hacked sites to the Safe Browsing list," says de Groot.

"I have submitted all malware samples to the Google Safe Browsing team, but few of them have been detected so far."

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
