HACKERS INFECTING E-COMMERCE SITES TO STEAL PAYMENT DATA, EXPERTS WARN
A new keylogger attack is infecting e-commerce websites to steal consumers’ payment data, according to cyber security researchers.
They said it affects multiple e-commerce platforms including Magento, Powerfront and OpenCart and payment provider links including Braintree and VeriSign.
The content that actually steals the data is hosted on remote websites operated by the cyber criminals, and the stolen information is transmitted to these sites via HTTPS.
The researchers said the attack has evolved over time, showing that the culprits have been able to test their system and to develop and test improvements.
They discovered that the compromise has been used to attack e-commerce websites including Faber and Faber, Everlast, Guess Australia and Rebecca Minkoff.
“As attackers focus on broadening capabilities to seize revenue opportunities, targets of cyber crime face an array of threats,” the researchers said in a blog post.
“E-commerce site owners must take every step necessary to secure their data and safeguard their payment card information. A bad experience at a retailer site may mean the loss of revenue as impacted users take their money elsewhere.
“Because Magecart affects websites deployed on commodity CMS and e-commerce software technology, the implementations of which may be outsourced by merchants to third parties, both merchants and integrators must take active roles in ensuring secure environments for deployed sites.”
E-commerce website administrators must ensure their systems comply with security guidelines and keep all parts of their websites up to date, they advised.
They added that it was important to safeguard credentials used to log into their websites’ backends, and that implementing multi-factor authentication is best practice.
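One check an administrator can run against the remote-hosted script delivery described above, as an added example that is not from the researchers or the original article: list every script source on a checkout page and flag any host that is not on the merchant's allowlist. The host names, the allowlist and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptSourceCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def unexpected_script_hosts(html, page_host, allowed_hosts):
    """Return (host, src) for each script not served from an approved host."""
    collector = ScriptSourceCollector()
    collector.feed(html)
    allowed = {h.lower() for h in allowed_hosts} | {page_host.lower()}
    findings = []
    for src in collector.sources:
        parsed = urlparse(src)
        # Relative URLs have no hostname and resolve to the page's own host.
        host = (parsed.hostname or page_host).lower()
        # Anything other than http(s) or a relative URL (e.g. data:) is flagged.
        odd_scheme = parsed.scheme not in ("", "http", "https")
        if odd_scheme or host not in allowed:
            findings.append((host, src))
    return findings


# Constructed sample checkout page; all hosts are placeholders.
SAMPLE_HTML = """
<html><body>
<script src="/js/checkout.js"></script>
<script src="//js.payments.example/v1/client.js"></script>
<SCRIPT SRC="https://cdn.stats-collector.example/lib.js"></SCRIPT>
<script>var inline = 1;</script>
</body></html>
"""
ALLOWED = ["js.payments.example"]  # assumption: the merchant's approved hosts

if __name__ == "__main__":
    for host, src in unexpected_script_hosts(SAMPLE_HTML, "shop.example", ALLOWED):
        print(f"unapproved script host {host}: {src}")
```

This only sees static script tags in the served HTML; a Content-Security-Policy `script-src` directive restricted to the same allowlist enforces it in the browser, including for scripts injected at runtime.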
Meanwhile, consumers should “carefully consider” which retailers’ sites they buy from, keep their operating systems and browsers up to date and run security software to minimise the risk that they will fall victim to the attack.