With the holiday shopping season in full swing shoppers are descending on virtual storefronts in droves seeking the best deals. Naturally this means that hackers are also circling like sharks watching for an opportunity to steal data and profit from it.
Their most recent trick? To infect random WordPress plugins with malicious code that can be activated later to harvest and exfiltrate payment card information.
WordPress has gotten pretty good at ferreting out malicious code residing in the ‘wp-includes’ and ‘wp-admin’ directories. Those are the places that most other anti-malware software looks first. So malicious code that relies on being in either of those directories doesn’t tend to last long enough to pay dividends to the hackers.
Naturally this has prompted them to find workarounds. This year’s big evolution in the ongoing war between hackers and security professionals seems to be hiding code in places that not many would think to look for it.
So far that seems to be working out well for the hackers and card scraping type attacks are on the rise again this year.
The good news is that if you have a WordPress ecommerce site and want to minimize your risk there are several things you can do.
Here are the Big Three:
- Restrict and closely monitor access to your ‘Wp-admin’ folder. Only specific trusted IP addresses should have access to this folder.
- File integrity monitoring via active server-side scanning. That way if code changes on your website you’ll know about it almost immediately.
- And make sure your IT staff is reviewing log files on a regular basis. Even if a hacker manages to slip something past your defenses it’s either going to be reflected in the log file or there will be a conspicuous absence which should raise a red flag.
The holiday season is a very big deal to online vendors but it also carries some risk. Make sure you’re minimizing yours.
