Online shoppers, your hard-earned money may be at risk! Avoid doing these

A malware is stealing data including usernames, passwords, credit card information and personal details.

E-commerce websites are actively becoming one of the numerously targeted mediums for hackers as they hold the keys to vast volumes of customer data. Reuters

Are you an online shopper? If the answer is yes and you have saved your debit or credit card details on the e-commerce site, then you may be at the risk of financial fraud. A recent cybersecurity research report has claimed that a data-stealing malware has infected over 7,000 e-commerce websites worldwide. The malware has put even those on risk who have shopped from the infected e-commerce site but have not stored their card on the site for faster future purchases.

The malware is stealing data including usernames, passwords, credit card information and personal details. Willem de Groot, a well-known Dutch security researcher, has recently discovered a dangerous flaw in there is a dangerous payment skimming malware that has been stealing thousands from the users.

4.2% of all Magento stores globally are currently leaking payment and customer data pic.twitter.com/Utw9W3t3Oa

— Willem de Groot (@gwillem) August 27, 2018

Groot also claimed that Google has added magentocore[.]net to Chrome's blacklist, as shown by the plummeting infection rate.

Google added magentocore[.]net to Chrome's blacklist, as shown by the plummeting infection rate. pic.twitter.com/CEXp64H1E0

— Willem de Groot (@gwillem) September 3, 2018

The malware dubbed as MagentoCore has been affecting the e-commerce sites that are using Magento software. The malware was installed in more than 7,339 online stores in the last six months and has been affecting more than 50 new websites a day.

How does it work?

The malware is executing the brute-force attacks that are trying to crack the admin panel password. Once the password is cracked the malware injects a malicious piece of code to the HTML which records all the keystrokes from the customers and sends it back to the hacker’s main server.

Besides this, there is a recovery mechanism that deleted the malicious code after it has executed. The researchers analysed more than 2,20,000 websites and 4.2% of them were already leaking user data.

Ankush Johar, Director at Infosec Ventures, an internet security solutions firm, said that organisations need to put in place proper cyber-security infrastructure to guard themselves and their customers against any such fraud.

"This is a reality check for administrators that even the tiniest negligence can lead to a massive disaster. Other organisations must take this as a lesson and make sure proper policies are implemented well across their infrastructure and more importantly is regularly audited. Moreover, even with all security checks in place, it’s extremely important to make sure that the proper alarm bells are in place, so that, even if cybercriminals find a way through, which they eventually will, it doesn’t take months for your SoC to even discover the breach,” Johar told Zeebiz.com

Johar also said that preventing post exploitation is as important as avoiding a breach because it’s not always about if you will get hacked, it's about when and how quickly will you be able to mitigate.

E-commerce websites are actively becoming one of the numerously targeted mediums for hackers as they hold the keys to vast volumes of customer data. Despite merchants on the Magento e-commerce platform being PCI DSS compliant, hackers were able to breach the Magento admin panel and install malicious scripts which were used to record keystrokes identifying sensitive credit card data.

This leads to a question that is it safe to save credit/debit card information on e-commerce websites?

"From an end user’s security viewpoint, there is not much one can do except avoid storing sensitive credit card information on e-commerce platforms and only dealing with brands and mediums that not only hold themselves to the highest standards and regulations of security and privacy but also stay ahead of the curve in terms of cyber security," said Farrhad Acidwalla, media entrepreneur and founder of CYBERNETIV, a cyber security & research firm.

What should a customer do?

* Avoid storing your card details on e-commerce sites.
* Keep a tab on your credit card bills and check for any suspicious transaction.
* If you find any transaction which is not done by you, immediately contact your bank. You may also get your card blocked.
* In case of a suspicious transaction, lodge a report with police.
* Use your card for purchases on trusted websites only
* Before entering card detail on any site, check if the page URL starts with https:// or it has a lock symbol in the browser bar.

Watch This Zee Business Video

Here are some best security practices for system admins:

* Proper auditing of source code: System admins are advised to conduct proper auditing of source code and look out for any unexpected line of code that wasn't supposed to be there. Use version control and monitoring services to get notified the moment a file on the server changes.

* Monitor access to your web server: Use proper Intrusion Detection Systems (IDS) and Log monitoring services to constantly track the kind of access your server is granting to users.

* Regular security auditing + VAPT: Its highly advised that the web admins carry out proper auditing and Vulnerability Assessment & Penetration Testing(VAPT) exercises to close as many loopholes as possible so that it isn’t extremely easy to hack your servers and web applications to upload malicious miners/malware.

* DDoS and Intrusion Prevention Systems: Deploy trusted DDoS prevention services to discourage attackers carrying brute force attacks and use IPS to block common attacks which will help in preventing exploitation even if a vulnerability has slipped past VAPT processes.

TAGS: