A security researcher has found almost 6,000 online retailers with malicious code on their websites that is capable of stealing customer credit card information. Such attacks take advantage of known vulnerabilities in several web-based payment programs. The hackers are able to compromise the site and inject code that can skim card details.
The blog post detailing the research can be found here: https://gwillem.github.io/
WhiteHat Security has also researched retail website security and found the following:
- Around half of all retail websites exhibit at least one serious security flaw on every single day of the year
- On average, retail sites exhibit 23 unique vulnerabilities
- On average, retail sites exhibit 13 “serious” vulnerabilities, which are classed as either “critical” or “high-risk” on the OWASP risk-rating
- It takes retailers, on average, 205 days to implement an appropriate fix once they are made aware of a vulnerability
- Retailers are prioritising and rectifying just under half of the website vulnerabilities they are made aware of
The WhiteHat team commented on this research below.
Ryan O’Leary, VP Threat Research Centre at WhiteHat Security:
“Retailers clearly have a big part to play in website security. These organisations represent thousands of consumer-facing web applications and are responsible for holding both personal and financial information. Despite this, our application security researchers have found that about half of all retail websites exhibit at least one serious security flaw on every single day of the year. On average, the retail sites studied exhibited 23 unique vulnerabilities. Retailers are simply not able to resolve all of the serious vulnerabilities found in their web applications, and it takes them a long time to remediate even the most serious vulnerabilities – on average, 205 days to implement an appropriate fix. The existence of multiple serious vulnerabilities not only increases the total business risk that retail organisations assume, but also the risk that they pass along to users of their vulnerable websites. By prioritising the critical and high-risk security flaws for remediation, retailers stand a good chance of reducing the number of days that serious vulnerabilities remain open to attack.”