Hacker Tracker | March in Review


Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

Hackers inject credit card stealers into payment processing modules | 3.22.23

  • A new credit card stealing campaign departs from what we have seen in the past by hiding its malicious code inside the ‘Authorize.net’ payment gateway module for WooCommerce, allowing the breach to evade detection by security scans.
  • To evade detection, the threat actors are now injecting malicious scripts directly into the site’s payment gateway modules used to process credit card payments on checkout.
  • As these extensions are usually only called after a user submits their credit card details and checks out at the store, it may be harder to detect by cybersecurity solutions.
  • View the Source

Bing search results hijacked via misconfigured Microsoft app | 3.30.23

  • A misconfigured Microsoft application allowed anyone to log in and modify Bing.com search results in real-time, as well as inject XSS attacks to potentially breach the accounts of Office 365 users.
  • Researchers discovered that the misconfigured application was directly linked to Bing.com, allowing them to modify the live content shown in Bing search results.
  • To verify they had complete control, the researchers attempted and succeeded in modifying search results for the “best soundtracks” search term, adding arbitrary results to the top carousel.
  • View the Source

Hackers exploit bug in Elementor Pro WordPress plugin | 3.31.23

  • Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin to install backdoors on sites.
  • Elementor Pro is a WordPress page builder plugin allowing users to easily build professional-looking sites without knowing how to code, featuring drag and drop, theme building, a template collection, custom widget support, and a WooCommerce builder for online shops.
  • The issue, which impacts v3.11.6 and all versions before it, allows authenticated users, like shop customers or site members, to change the site’s settings and even perform a complete site takeover. 
  • View the Source

Lessons Learned:

#1- Attacks targeting payment gateways are not new, but the strategy threat actors are now employing is. More than ever, it’s important to only use your credit card on well-known and legitimate large company sites. This gives you the best bet that they are doing all they can to protect their online shoppers from cybersecurity breaches. Still, no online retailer can promise 100% safety. It’s important to always check your credit card statements for fraudulent charges and to set up fraud alerts with your credit card company. Personal responsibility when it comes to online retail is key.

#2- The Bing hijack shows the lack of security around search engines. Just because a search engine like Bing is tied to Microsoft, giving a feeling of familiarity and security, does not mean search engines are secure. Never search for sensitive information on search engines, and understand that anything you search may be made public.

#3- WordPress is the gold standard for website hosting, so it’s alarming that a breach of this level was even possible. So, what’s the answer and how can you protect your business’ website? Simple answer: regular updates. WordPress released its official advice to upgrade to version 3.11.7 or later as soon as possible. In general, applying any available updates to your website or other software vital to your business operations will protect your organization as much as possible. Failing to perform available updates will leave your organization especially vulnerable. Working with a managed IT provider like PK Tech ensures regular updates are always being performed on all software whenever they become available.

Questions? Contact PK Tech here.