Blog

Hackers Stealing Credit Card Info Are Targeting E-Commerce WordPress Sites

Dec 22, 2021 | Blog

With the holiday shopping season in full swing shoppers are descending on virtual storefronts in droves seeking the best deals.  Naturally this means that hackers are also circling like sharks watching for an opportunity to steal data and profit from it.

Their most recent trick?  To infect random WordPress plugins with malicious code that can be activated later to harvest and exfiltrate payment card information.

WordPress has gotten pretty good at ferreting out malicious code residing in the ‘wp-includes’ and ‘wp-admin’ directories. Those are the places that most other anti-malware software looks first. So malicious code that relies on being in either of those directories doesn’t tend to last long enough to pay dividends to the hackers.

Naturally this has prompted them to find workarounds. This year’s big evolution in the ongoing war between hackers and security professionals seems to be hiding code in places that not many would think to look for it.

So far that seems to be working out well for the hackers and card scraping type attacks are on the rise again this year.

The good news is that if you have a WordPress ecommerce site and want to minimize your risk there are several things you can do.

Here are the Big Three:

  • Restrict and closely monitor access to your ‘Wp-admin’ folder. Only specific trusted IP addresses should have access to this folder.
  • File integrity monitoring via active server-side scanning. That way if code changes on your website you’ll know about it almost immediately.
  • And make sure your IT staff is reviewing log files on a regular basis. Even if a hacker manages to slip something past your defenses it’s either going to be reflected in the log file or there will be a conspicuous absence which should raise a red flag.

The holiday season is a very big deal to online vendors but it also carries some risk.  Make sure you’re minimizing yours.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech