Πριν από μία εβδομάδα, researchers of RiskIQ revealed that over 100 online stores have been hacked (online shops) during the last six months. All these online shops were found to be injected with malicious JavaScript code that could collect the card details of each user who made a transaction. But as it turns out, that was only the tip of the iceberg.
Willem de Groot, co-founder of byte.nl, a webhosting provider for Magento's online stores (and not only), has been monitoring the situation for more than a year, and as he says continues to deteriorate.
In November 2015 swept 255.000 online stores from around the world and revealed 3501 violations. The same scan in September of 2016 showed 5925 violated online shops.
November 2015 | 3501 | |
March 2016 | 4476 | + 28 % |
September 2016 | 5925 | + 69 % |
According to Willem of the 3501 online shpos found to be infringed in November of 2015, 754 still allow data theft.
"Obviously hackers can crack cards undisturbed for months," de Groot said.
According to Willem, the RiskIQ publication reports about the malicious code diversity they discovered in about 100 stores, but there are also at least other 9 malware at 5900 online shops.
“Επιπλέον, ανακάλυψα ότι κατά τις τελευταίες 48 ώρες, άλλα 170 νέα καταστήματα προσβλήθηκαν με λογισμικό skimming. "
Who is behind this?
The stolen ones information they are of course sent to collection servers located mainly in Russia, but this does not mean that the criminals are Russian.
"In 2015, some malware was reported and they were all small variations of the same code base. In March 2016, a different malware was discovered. Today, there are at least 9 varieties and 3 separate families of malware. ” de Groot said.
"This shows that multiple individuals or groups are involved."
Over time, attackers got better and better at obfuscating the code theft, and that is why they are difficult to detect.
What to do?
Affected online shops should clean their websites and report the breach to protect their customers. They should upgrade their software regularly to improve their overall security.
"Companies like Visa or Mastercard could revoke the license of transactions from unreliable online shops. It would certainly be much more effective if Google could add the sites that were violated to the Safe Browsing blacklist, ”says de Groot.
"I have submitted all malware samples to the Google Safe Browsing team, but few of them have been detected so far."