Shop shock. Hackers have compromised nearly 6,000 online shops to skim payment card data. And the problem is getting worse
Thousands of online shops are unknowingly harbouring malicious code after hackers exploited unpatched software flaws to inject code that intercepts and steals payment card details.
This is the warning from Dutch researcher Willem De Groot. He first discovered the problem late last year, when he scanned 255,000 online stores globally and found 3501 stores to be "skimmed".
The researcher pointed out that the skimming code was found on websites across a number of industries, from car makers (Audi ZA) to government (NRSC, Malaysia), fashion (Converse, Heels.com), pop stars (Bjork) and NGOs (Science Museum, Washington Cathedral).
To trick the casual observer, the malware has sometimes been disguised as UPS code, said the researcher. He also pointed out that “multiple persons or groups” are involved in carrying out this criminal activity.
De Groot also noted some of the complacent responses from online shops when they were informed of the problem with their website.
“We don’t care, our payments are handled by a 3rd party payment provider,” said one online shop.
“Our shop is safe because we use https,” added another shop.
De Groot advised online shops to upgrade their software regularly to prevent any new cases, but he admitted that “this is costly and most merchants don’t bother.”
And what of the nearly 6,000 online shops that have been compromised? De Groot complained that no-one seems to be proactively contacting the shops about the problem.
“Companies such as Visa or Mastercard could revoke the payment license of sloppy merchants,” he wrote. “But it would be way more efficient if Google would add the compromised sites to its Chrome Safe Browsing blacklist. Visitors would be greeted with a fat red warning screen and induce the store owner to quickly resolve the situation.”
De Groot said that he had submitted details of the problem to Google’s Safe Browsing team. He recommended that any worried online shop check MageReport to see if its store has been compromised.
One security expert said that online shops have to ensure that protecting customer data remains their top priority.
“Protecting customer data is a top priority for online retailers, but this attack demonstrates the damage which can be done once hackers have made their way inside,” said Matt Middleton-Leal, regional director UK & North of CyberArk.
“In this case, known vulnerabilities allowed hackers to obtain stores’ admin access and get away with valuable financial information,” said Middleton-Leal. “With cybercriminals increasingly getting into a network through simple means, online retailers must act fast to lock down these powerful admin accounts and keep sensitive customer data secure.”
Earlier this year, FraudAction (a security division of EMC) warned that committing online fraud is just too easy nowadays.