Online Skimming: 1.000 affected German online stores

Cyber ​​thief

Information is available to the Federal Office for Information Security (BSI), according to which at least 1.000 German online-Shops of  Online skimming are affected. Use it CyberCriminal Vulnerabilities in Obsolete Versions of Shop softwareto inject malicious code. This then peeks the payment information of the customer during the ordering process and transmits it to the perpetrators. Are affected online-Shopsthat on the widespread Software Magento based.

The injected code and the associated data drain is usually not visible to users. There is currently no information available on the extent of the payment data that has already been leaked via these attacks.

Based on an analysis conducted by a developer of security tools for Magento, 2016 worldwide was nearly 6.000 by as early as September Online skimming affected online-Shops identified, including several hundred Stores German operator. CERT-Bund benachrichtigte daraufhin die jeweils zuständigen Netzbetreiber in Deutschland zu betroffenen online-Shops. According to recent findings, this infection has not been removed by many operators or the Server & Hosting were again compromised. The vulnerabilities exploited by the attackers in Magento were of the shop operators despite existing ones software updatesapparently not closed. this makes possible CyberCriminals continue to spy on payment details and other customer personal information entered on orders. The number of currently known affected online-Shops in Germany has thereby increased to at least 1.000.

The CERT-Bundes of the BSI has again today the respective responsible network operators in Germany concerned online-Shops informed in their networks and asks Providerto forward the information to their customers (shop operators).

"Unfortunately, it still shows that many operators are very negligent in securing their online shops. A variety of shops are running outdated software versions that contain several known vulnerabilities ", explains BSI President Arne Schönbohm. "Operators must live up to their responsibility to their customers and ensure their services quickly and consistently."

Liability of the shop operator

After § 13 paragraph 7 TMG are operators of online-Shops committed to their systems after the State of the art to protect against attacks. A basic and effective measure for this is the regular and rapid import of available security updates.

The BSI points out here that the obligation to secure systems not only applies to companies but also to all other business operators of Websites applies. This includes, for example, websites of private individuals or associations, if their operation is to generate revenue permanently. This is already assumed when placing advertisements paid on websites in the form of banners.

Operator of online-Shops based on Magento can with the free service MageReport Check if your shop system has known vulnerabilities and is affected by the current attacks. For each detected issue, detailed information is provided to resolve it.