Express Computer
Home  »  Industries  »  IT / ITeS  »  Report Suggests That Hackers Have Broken Into 570 E-Commerce Stores

Report Suggests That Hackers Have Broken Into 570 E-Commerce Stores

This is inclusive of India, however, the US was the country that hosted the largest selection of these victim e-commerce sites 

0 245

As per reports, a hacker group has broken into at least 570 e-commerce stores in 55 countries, including India in the last three years, that has leaked information on more than 184,000 stolen credit cards and has generated more than $7 million from selling compromised payment cards.

Popularly knows as ‘Keeper’, this group has been stealing information from such online stores that include Mumbai-based online jewellery store ejohri.com which was allegedly hacked and compromised this year. According to Gemini threat intelligence firm, more than 85% of the victim sites had operated on Magento CMS, which is known to be the top target for Magecart attacks and it also boasts more than 250,000 users worldwide. 

Most of these e-commerce victim sites were from the US, which was followed by the UK and the Netherlands. Some of the hacked ones by these websites are online bicycle merchant milkwayshop.it, Pakistan-based clothing alkaramstudio.com, Indonesia-based Apple product reseller ibox.co.id, and US-based premier wine and spirits seller cwspirits.com, along with the others. 

Also, it’s learnt that there have been compromises by the Keeper ‘Megacart’ group with hundreds of domains and they also likely had extracted payment card information from many more that are yet to be uncovered. The report said that with the revenue that is likely to exceed $7 million have increased cybercriminal interest in CNP (Card Not Present) data during the COVID-19 quarantine measures across the world, and also that this group’s market niche appears to be secure and profitable. 

Also, it’s highly likely that Keeper would be continuing to launch increasingly sophisticated attacks against online merchants all across the world. This detail was first uncovered by Gemini, where they identified an unsecured access log on Keeper control panel with around 184,000 compromised cards with timestamps that ranged from July 2018 to April 2019. 

The report further said that extrapolating the number of cards per nine months to Keeper’s overall lifespan, and also given the dark web median price of $10 per compromised Card Not Present (CNP), this group has probably generated upwards of $7 million USD from selling compromised payment cards. 

The further analysis states that in mid-2020, Megacart attacks have become almost a daily occurrence to small medium-sized e-commerce companies. One of the major concerns is that of operating on an outdated content management system (CMS), utilising unpatched add ons, and also having administrators’ credentials that get compromised through sequel injections that leaves e-commerce merchants vulnerable to a variety of attack vector. 

There have been thousands of Magecart attacks (ranging from simple to dynamic injection of malicious code using a criminally hosted domain) stretching to leveraging Google Cloud or GitHub storage devices and also using steganography for embedding malicious payment card-stealing code into an active domain’s logos and images have been uncovered by the Gemini team. 

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image