Although WordPress continues to be the most hacked CMS platform, compromising online shopping platforms such as Magento, OpenCart, and others is far more lucrative for online crooks.
According to Willem de Groot, security analyst for Byte.nl, the number of online shops infected with malware has skyrocketed in the past year, as crooks found that online skimming presents a greater target and more anonymity than real-world ATM skimming.
The recent surge in online skimming has fueled a growth in carding sites,
which now often sell payment card data stolen via compromised online
store payment pages and PoS malware, rather than data acquired from ATM
skimmers.
Online skimming has gone up 69% in 10 months
De Groot, who is also one of the people behind MageReport.com,
a Magento site security scanner, has been keeping track of online
stores infected with malware ever since November 2015, when he first saw
an uptick in such cases.
A general Internet scan of 255,000 online stores revealed the presence of various malware variants on 3,501 shops.
When he repeated the scan in March 2016, he found
4,476 infected stores, which represented an increase of 28 percent. Ten
months later, in September 2016, de Groot found 5,925 infected sites, up
69 percent from November 2015.
With the recent discovery of the MageCart malware, de Groot repeated his scan once again, on October 10, when he found 5,911 infected stores. The good news is that the MageCart report scared enough webmasters, and on October 12, the number had gone down to 5,761, with 334 admins cleaning up their stores, while 170 new stores were infected.
Some high-profile sites are infected
You might be tempted to think that only old and
niche websites suffer such infections. It's not true. De Groot
highlights some pretty high-profile sites on his most recent infection
lists.
He mentions the online store of Icelandic singer Bjork, the store of Audi South Africa, and the website of the NRSC (National Republican Senatorial Committee).
Some webmasters don't understand the problem, or just don't care
Cleaning up these stores is not a simple job, since
updating some online platforms such as Magento requires some level of
technical skill and is not a one-click job.
But de Groot doesn't have a problem with the
technical side of updating online stores, since all online platforms
provide very good documentation to get this done. His problem is with
the human factor. Here are some of the replies he received from store
admins whom he notified:
Online skimming malware is now more complex
And if the ignorance of online store owners weren't enough, de Groot, who's been keeping track of different malware families, says he's seen a rise in the sophistication of the malware's code.
He mentions that in its first variations, the
malware - usually a JavaScript file secretly loaded on the online store -
would wait until the user accessed a page with the "checkout" term
in the URL. Nowadays, the malware supports various types of checkout
and payment extensions and uses very complex code obfuscation.
Besides getting harder to detect, the number of
online skimming malware strains has gone through the roof as well. De Groot says
that in almost a year, online skimming malware has gone from one single
threat to nine varieties and three distinct malware families.
Google, Visa, and Mastercard should intervene
"Companies such as Visa or Mastercard could revoke the payment license of sloppy merchants," de Groot proposes.
"But it would be way more efficient if Google would add the compromised
sites to its Chrome Safe Browsing blacklist. Visitors would be greeted
with a fat red warning screen and induce the store owner to quickly
resolve the situation."
De Groot says that he's been sending the Safe
Browsing team reports about his findings, but currently only a handful
of these sites are blacklisted.