A week ago, her researchers RiskIQ revealed that over 100 online stores have been hacked (online shops) during the last six months. All these online shops were found to be injected with malicious JavaScript code that could collect the card details of each user who made a transaction. But as it turns out, that was only the tip of the iceberg.
Willem de Groot, co-founder of byte.nl, a webhosting provider for Magento's online stores (and not only), has been monitoring the situation for more than a year, and as he says continues to deteriorate.
In November 2015 swept 255.000 online stores from around the world and revealed 3501 violations. The same scan in September of 2016 showed 5925 violated online shops.
November 2015 | 3501 | |
March 2016 | 4476 | + 28 % |
September 2016 | 5925 | + 69 % |
According to Willem of the 3501 online shpos found to be infringed in November of 2015, 754 still allow data theft.
"Obviously hackers can crack cards undisturbed for months," de Groot said.
According to Willem, the RiskIQ publication reports about the malicious code diversity they discovered in about 100 stores, but there are also at least other 9 malware at 5900 online shops.
"In addition, I found that in the last 48 hours, another 170 new stores were infected with skimming software."
Who is behind this?
Οι κλεμμένες πληροφορίες αποστέλλονται φυσικά σε διακομιστές collectionς που βρίσκονται κυρίως στη Ρωσία, αλλά αυτό δεν σημαίνει ότι οι εγκληματίες είναι Ρώσοι.
"In 2015, some malware was reported and they were all small variations of the same code base. In March 2016, a different malware was discovered. Today, there are at least 9 varieties and 3 separate families of malware. ” de Groot said.
"This shows that multiple individuals or groups are involved."
Over time, the attackers got better and better obfuscating the theft code, and that is why they are hard to spot.
What to do?
Τα online shops που έχουν πληγεί θα πρέπει να καθαρίσουν τις websites του και να κοινοποιήσουν την παραβίαση για την προστασία των πελατών τους. Θα πρέπει να αναβαθμίζουν το λογισμικό τους τακτικά, για να βελτιώσουν τη συνολική τους ασφάλεια.
“Companies like Visa or Mastercard could revoke it permission συναλλαγών από online shops που δεν είναι αξιόπιστα. Θα ήταν βέβαια πολύ πιο αποτελεσματικό αν η Google θα μπορούσε να προσθέσει τα sites που παραβιάστηκαν στη black list της Ασφαλούς περιήγησης” αναφέρει ο de Groot.
"I have submitted all malware samples to the Google Safe Browsing team, but few of them have been detected so far."