Hackers Steal SQL Databases From Several Online Shops, Demand Bitcoin in Return

June 1, 2020

Lately, online shops across various countries are losing their SQL databases to hackers. The attackers are penetrating insecure servers that are reachable over the public websites, copying the databases, and demanding bitcoins in exchange for stolen data.

What’s brewing?

  • The ongoing rise in SQL database encryption, extortion, stealing is targeting e-commerce platforms.
  • According to the reports, most of the online stores are from Germany followed by Brazil, the U.S., Italy, India, Spain, and Belarus. All these countries run e-commerce platforms such as Shopware, OpenCart, Magento v1 and v2, PrestaShop, and JTL-Shop.
  • Threat actors are demanding the ransom to be paid in the form of bitcoin within ten days, or else they sell the data on public websites.
  • Perhaps the attackers are selling the stolen databases on the dark web, doubling their profits.

E-Commerce sites entice crooks

  • Recently, threat actors acting under the Magecart umbrella group were seen exploiting an old vulnerability in a Magento plugin to deploy credit card-skimming malware on e-commerce sites.
  • A few weeks back, the ShinyHunters hacking group breached Bhinneka, an Indonesian e-commerce company. The hackers stole 1.2 million user records and sold them on the dark web in exchange for bitcoin.

Hackers’ undying lust for bitcoin

  • Hackers gained access to Johannesburg city council’s computer systems and demanded ransom payment in the form of four bitcoins in October 2019.
  • In June 2019, a ransomware, dubbed Triple Threat, attacked municipalities in Florida, encrypting the data stored in the computers of the City of Lake City. The attackers demanded a ransom of 42 Bitcoins in exchange for the decryption keys to restore the data.

The bottom line

Online extortions have advanced significantly over the last few years. Many hacking groups have started leveraging machine learning capabilities to successfully detect obsolete web applications across the internet. They silently install a backdoor or patch vulnerabilities to prevent rival threat actors from gaining control over a victim’s website.

Amid the pandemic, most of the newly developed web applications by e-commerce platforms are insecure and vulnerable. A surge in new attacks targeting vulnerable e-commerce platforms will likely be seen in the near future, most of which will prove costly for the victims.

Read the original article and additional information at Cyware Social