Hackers Hide Stolen Payment Card Data Inside Website Product Images

Following the new about a piece of research from Sucuri, which revealed that hackers are hiding stolen payment card data inside website product images, Mark James, security specialist at ESET  commented below.

Mark James, Security Specialist at ESET:

mark-james“Attacks that are capable of returning an immediate gain like credit cards or financial information are always on the rise. The ability to see the fruits of your labours encourage new and better ways to hack those sites that hold this valuable information.

Once stolen its fairly easy to identify credit card numbers in plain text files, they are fairly unique in their structure, and the bad guys are looking for ways to move this data without it being picked up by the average software scanning for those items. If you embed the information inside an image file you have a fairly standard container that is seen in so many aspects of our digital world. Nobody takes any notice of an image file especially if it actually displays the image with no problems, this enables attackers to send those details to almost anywhere unhindered.

Keeping your website safe against these types of hacks could be as simple as making sure your website is running the very latest version of its software. Keeping our systems up to date is very important in all aspects of our digital footprint, not just operating systems, but the applications that are running on them. With so many avenues available for attack it is imperative we monitor, maintain and update all the software we possibly can. If you are unable to update due to manufacturers restraints then you should consider using an alternative program that does include regular updates.”

Information Security Buzz