Thousands of payment cards’ information stolen from more than 105 e-commercial websites

Chinese cyber security firm Qihoo 360’s NetLab recently revealed that hackers are currently stealing customers’ payment card information in an ongoing credit card hacking campaign by visiting more than 105 e-commerce websites. However, the researchers are not sure if the number is limited and it is speculated that it can go up.

How did attackers stole the payment card information?

According to researchers, attackers have been injecting malicious JS scripts on the malicious domain ‘www.magento-analytics[.]com’ on various e-commerce website for the last seven months. These malicious scripts included digital credit card skimming code. This code automatically stole the information related to the payment card including the credit card number, name of the credit card holder, date of expiration as well as the CVV number of the card. The malicious script then sent the stolen payment card data to another file hosted on the magento-analytics[.]com server controlled by the attackers.

Researchers have confirmed that all the affected e-commercial websites are running over Magento e-commerce CMS software. The technique used in this cyber-attack has been previously employed by the MageCart credit card hacking groups in hundreds of attacks including British Airways, Ticketmaster as well as Newegg. However, NetLab has not confirmed whether the MageCart groups are behind this. The malicious domain is supposedly registered in Panama however, this IP address has moved from Arizona in U.S. to Moscow in Russia to Hong Kong in China. Attackers exploit vulnerabilities in the online software in the online e-commerce websites for injecting malicious scripts.

These are only a few examples of the cyber-attacks. However, cyber community has seen many other forms of cyber-attacks that have not only created disturbance but also, have cost million of dollars to the community. Some of the types of cyber-attacks are:

  • DDoS attacks: In a Distributed Denial of Services attack, the attacker redirects unlimited traffic on a website.
  • Man-in-the-middle attack: It is a form of eavesdropping attack where the attacker puts himself in the middle of the two parties, impersonates them and gain access to the information that both parties were trying to send each other.
  • Drive-by attack: One of the common methods of spreading malware, attackers put malicious script in the PHP or HTTP code of an insecure website.
  • SQL Injection attack: This is a type of injection attack that allows the possible execution of malicious SQL statements. Vulnerabilities present in the SQL injection allows bypassing application security measures.
  • Eavesdropping Attack: This attack is also known as Snooping or Sniffing attack where the attacker steals information that computer and other devices transmit over the network.

Other form of cyber attacks deployed on websites include Phishing and Spear Phishing attack, Cross-site scripting attack, Password attack etc.

How can we ensure the security of websites?

  • Ensure to apply latest updates and patches.
  • Ensure the regular assessment of website is performed through various approaches including vulnerability assessment and penetration testing (VAPT).
  • Employing Content Security Policy acts as an add-on security layer that can help in detecting and mitigating certain types of attacks.
  • Ensure validation on both server and browser side in order to prevent insertion of malicious scripting code into the database.

World is becoming digital and with this everything is moving online. Organizations are shifting their entire database as well as business online. It is therefore becoming easier for attackers to access, manipulate, steal, erase or even misuse this information that might be lying on the website. It is therefore extremely important to secure your website against any malicious intent.

Leave a Reply