It is believed as many as 5900 online stores were targeted by hackers. The hackers added uniquely crafted code that intercepts customers’ card details and steals the information.
Sadly, the situation has not improved in a year. In fact, some online stores that de Groot found to be unwillingly skimming payment card details for attackers in 2016 are still doing so today: over 750 of them.
This type of skimming activity can go on for months without detection, as this incident proves.
According to de Groot, a number of hacker groups are involved in this online skimming. This is evidenced by the fact that in 2015 there were variants of the same malware code, but today there are three distinctly different malware “families” and nine variants.
An article on ITnews.com explains:
“The first malware just intercepted pages that had checkout in the URL,” the researcher said. “Newer versions also check for popular payment plugins such as Firecheckout, Onestepcheckout, and Paypal.”
The hackers are taking advantage of vulnerabilities in the websites that the owners have failed to address.
Many shop owners don’t understand the seriousness of the problem and aren’t taking responsibility as they should.
The article went on to detail examples of the worst answers de Groot received from companies when he told them of the vulnerabilities:
“We don’t care, our payments are handled by a 3rd party payment provider,” one unnamed shop owner said.
“Our shop is safe because we use HTTPS,” said another.
De Groot explained that while HTTPS protects against man-in-the-middle attacks, where the hacker is in a position on the network to intercept traffic between a user and a server, in these cases the hackers have figured out how to run the malicious code on the server itself, over HTTPS. That means that whatever information users enter on the website, the hacker can access, with the aim of getting their credit card information.
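Because the code is served by the shop itself over HTTPS, a store owner has to inspect the scripts the storefront delivers. The added example below (not from the article or from de Groot's tooling) triages script text for the trait the researcher describes, a check of the page URL against checkout and payment plugin names, combined with a reference to a host the shop does not own. The host names, sample fragments and function names are constructed assumptions.

```javascript
// Added example: heuristic triage of script text served by a storefront.
// PAGE_KEYWORDS are the names quoted in the article; all else is assumed.
const PAGE_KEYWORDS = ["checkout", "firecheckout", "onestepcheckout", "paypal"];
const URL_REF = /\b(?:location|document\.URL)\b/gi;
const HOST_REF = /(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;

// True when the script refers to the page URL within `span` characters of a
// payment-page keyword, i.e. it behaves differently on checkout pages.
function hasUrlGate(source, span = 120) {
  const lower = source.toLowerCase();
  for (const m of source.matchAll(URL_REF)) {
    const win = lower.slice(Math.max(0, m.index - span), m.index + span);
    if (PAGE_KEYWORDS.some((k) => win.includes(k))) return true;
  }
  return false;
}

// Hosts referenced by the script that are not on the shop's allowlist.
function foreignHosts(source, allowedHosts) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const found = new Set();
  for (const m of source.matchAll(HOST_REF)) {
    const host = m[1].toLowerCase();
    if (!allowed.has(host)) found.add(host);
  }
  return [...found].sort();
}

// Flag for manual review only when both traits appear together.
function triageScript(source, allowedHosts) {
  const urlGate = hasUrlGate(source);
  const hosts = foreignHosts(source, allowedHosts);
  return { urlGate, hosts, review: urlGate && hosts.length > 0 };
}

// Constructed, inert fragments (helper bodies elided, hosts are placeholders).
const SAMPLES = {
  gated: 'if (/checkout|onestepcheckout/.test(location.href)) { report("https://stats.example.net/c"); }',
  shopOwn: 'if (location.pathname.includes("checkout")) { load("https://shop.example/js/pay.js"); }',
  widget: 'load("https://cdn.example.org/chat.js");',
};

for (const [name, src] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(triageScript(src, ["shop.example"])));
}
```

A `review` result is a prompt to read the script by hand, not proof of compromise; legitimate payment integrations can trip the same two checks.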
Mr de Groot went on to state: