A security researcher has found almost 6,000 online retailers with malicious code on their websites that is capable of stealing customer credit card information. Such attacks take advantage of known vulnerabilities in several web-based payment programs. The hackers are able to compromise the site and inject code that can skim card details.
The blog post detailing the research can be found here: https://gwillem.github.io/
WhiteHat Security has also researched retail website security and found the following:
- Around half of all retail websites exhibit at least one serious security flaw on every single day of the year
- On average, retail sites exhibit 23 unique vulnerabilities
- On average, retail sites exhibit 13 “serious” vulnerabilities, which are classed as either “critical” or “high-risk” on the OWASP risk-rating
- It takes retailers, on average, 205 days to implement an appropriate fix once they are made aware of a vulnerability
- Retailers are prioritising and rectifying just under half of the website vulnerabilities they are made aware of
The WhiteHat team commented on this research below.
Ryan O’Leary, VP Threat Research Centre at WhiteHat Security:
“Retailers clearly have a big part to play in website security. These organisations represent thousands of consumer-facing web applications and are responsible for holding both personal and financial information. Despite this, our application security researchers have found that about half of all retail websites exhibit at least one serious security flaw on every single day of the year. On average, the retail sites studied exhibited 23 unique vulnerabilities. Retailers are simply not able to resolve all of the serious vulnerabilities found in their web applications, and it takes them a long time to remediate even the most serious vulnerabilities – on average, 205 days to implement an appropriate fix. The existence of multiple serious vulnerabilities not only increases the total business risk that retail organisations assume, but also the risk that they pass along to users of their vulnerable websites. By prioritising the critical and high-risk security flaws for remediation, retailers stand a good chance of reducing the number of days that serious vulnerabilities remain open to attack.”