E-commerce and online activity have grown exponentially, year-on-year. Bricks and mortar stores have increasingly been migrating their products/services to the Internet, which caters to a larger target market then their physical in-store counterpart. However, a recent hack by a new cybercrime gang has caused some ecommerce WordPress sites to generate a scam to their customers.
A security analyst has discovered this hacking method by setting up a honeypot WordPress site, which was then hacked by the group. The attack involved a brute-force attack which gave the hackers access to the site’s admin account, allowing them to overwrite the main index file and append malicious code onto the site. The aim of the malicious code, according to the security analyst, was to divert incoming traffic to the original site towards a remote command and control (C&C) server managed by the hackers.
A step-by-step attack
- User visits the hacked site;
- The WordPress site redirects the user to the C&C server;
- If the user fits the criteria, the C&C server will reply with a fake HTML version of the online store;
- The user will be directed to view the fake page of the online store.
SEO also in danger
Not only were the hackers redirecting customers to over 7,000 scam online stores, but they were also utilizing each site’s XML sitemap, which was sent to Google’s search engine, then deleted to avoid detection. While this may seem like a harmless process, the site’s ranking on Google can then start to decline, which could lead to SEO extortion schemes in the future.
To find out more about how to stay secure online and in your bricks and mortar store, contact us at Agilient for the latest in security consultation.