The thieving cyber gits are back at it again!
Willem De Groot, head of Dutch eCommerce security site byte.nl, has announced that 5,925 web shops have been hit with a host of data collecting malicious software.
The attacks focused on a number of hidden exploits which attackers sought out and accessed in order to collect payment information. All stolen data was up for sale, where cards were sold for around £30 each. At least the market price is reasonable.
If only there was a single type of breach software to look out for, but worryingly there are around 9 differing types. De Groot was vicitm to the hack himself and has taken up the duty of tracking down and documenting the features of the attack, which looks like it began in May 2015. Most of the data was sent directly to servers in Russia.
More worrying is that he suspects more than one group to be behind the breach, making this more than your average bug hunt.
De Groot has been hard at work contacting sites that have been hit by the breach, and many have already taken action to flush the problem out for good. But after 18 months of sapping, it is difficult to define how much information has been whisked away.
Many website use their own method of collecting data and payment, which often results in some fairly lapse security. De Groot recommends only using sites that have high security functions such as Paypal, which has a huge security team to stop these kinds of hacks.
The sophistication of hacking software has become worryingly advanced over the last few years, and traditional policing services have been understandably slow to respond to this sudden surge in cyber crime. The last few breaches have been discovered almost entirely by private companies specializing in combating online risk, which, in fairness, does make sense.
The cost of upgrading security software is direct barrier to many small retailers, who increase the risk to customers when looking to reduce expenses.
Cyber crime is a new phenomena, and it’ll take many years before an effective method of combating the roots of the issue comes forward. Until then, thanks private security firms!