Man
Professional
- Messages
- 3,070
- Reaction score
- 606
- Points
- 113
How to avoid becoming a victim of cybercriminals and protect your website from attack?
According to the latest report from Sucuri, with the start of holiday shopping, cybercriminals are stepping up attacks on online stores. The main threat is the theft of credit card data using malware known as "MageCart". This time of year attracts hackers because the increase in online purchases allows them to make the most money by selling stolen data on the dark web.
One of the most popular attack methods is the introduction of WebSocket skimmers. Since August of this year, this threat has been detected on 432 sites. Attackers use special server technologies to secretly transmit user data to external servers, bypassing standard protection systems.
The most vulnerable platforms for such attacks remain WordPress, Magento, and OpenCart. For example, one type of attack uses the fromCharCode function and XOR encryption with the number 42, a reference to the famous book by Douglas Adams. Analysis has revealed that the stolen data is being sent to dubious domains such as 'cdn[.]iconstaff[.]top».
Another popular method is hex-coded skimmers, which are actively distributed on sites that use Magento and WooCommerce. Malicious code injects itself into databases and JavaScript files, creating fake forms for entering payment data. After that, the information is transmitted to external servers, such as "cpeciadogfoods[.]com».
Another type of threat is base64-encoded injections that masquerade as WordPress plugins and modules. Malicious code hides in plugin files and is activated on checkout pages. This type of attack has gained popularity due to the difficulty of detection by antivirus programs.
The Smilodon group, which has been targeting WordPress sites using malicious plugins for several years, is particularly active. This year, attackers have improved their methods by replacing standard plugin names with random strings to bypass security systems.
To protect their online stores in the run-up to the holidays, owners are advised to conduct a security audit. It is necessary to enable two-factor authentication for administrators, update all plugins and themes, install up-to-date security patches for Magento, and check the reliability of the hosting. Compliance with these measures will help avoid data leaks and problems with payment systems.
Source
According to the latest report from Sucuri, with the start of holiday shopping, cybercriminals are stepping up attacks on online stores. The main threat is the theft of credit card data using malware known as "MageCart". This time of year attracts hackers because the increase in online purchases allows them to make the most money by selling stolen data on the dark web.
One of the most popular attack methods is the introduction of WebSocket skimmers. Since August of this year, this threat has been detected on 432 sites. Attackers use special server technologies to secretly transmit user data to external servers, bypassing standard protection systems.
The most vulnerable platforms for such attacks remain WordPress, Magento, and OpenCart. For example, one type of attack uses the fromCharCode function and XOR encryption with the number 42, a reference to the famous book by Douglas Adams. Analysis has revealed that the stolen data is being sent to dubious domains such as 'cdn[.]iconstaff[.]top».
Another popular method is hex-coded skimmers, which are actively distributed on sites that use Magento and WooCommerce. Malicious code injects itself into databases and JavaScript files, creating fake forms for entering payment data. After that, the information is transmitted to external servers, such as "cpeciadogfoods[.]com».
Another type of threat is base64-encoded injections that masquerade as WordPress plugins and modules. Malicious code hides in plugin files and is activated on checkout pages. This type of attack has gained popularity due to the difficulty of detection by antivirus programs.
The Smilodon group, which has been targeting WordPress sites using malicious plugins for several years, is particularly active. This year, attackers have improved their methods by replacing standard plugin names with random strings to bypass security systems.
To protect their online stores in the run-up to the holidays, owners are advised to conduct a security audit. It is necessary to enable two-factor authentication for administrators, update all plugins and themes, install up-to-date security patches for Magento, and check the reliability of the hosting. Compliance with these measures will help avoid data leaks and problems with payment systems.
Source
