Russian hackers have famously targeted the Democratic party in the US, and WikiLeaks has been feverishly publishing contentious e-mails from inside Hillary Clinton’s campaign. But the democrats aren’t the only ones suffering at the hand of hackers, with the GOP senatorial committee suffering a similar fate.
According to a report from a Dutch security researcher, the National Republican Senatorial Committee (NRSC) website was crawling with malware for the past eight months, with some connections to Russian hackers. According to his analysis, the malware in question would siphon off credit card information from anyone purchasing merch on the website’s store. In other words, if you’ve bought anything off of the NRSC website, or even donated, there’s a very good chance your credit card is now up for sale on the dark side of the net.
Unfortunately, according to Willem De Groot, the security researcher who discovered this malware, the NRSC is just one of over 5900 other e-commerce sites, including Converse and Audi, that have been similarly compromised.
In most cases it seems that the attackers took advantage of out-of-date software or weak passwords to take administrative control over various e-commerce sites. They would then inject the malware into the system, altering items inside databases. Some of the changes were hard to discover because of this mode of action, and because of the effort the attackers put in to make their redirect links seem legitimate.
As usual we recommend you rely on best-practices when it comes to online security, including using only vendors you know and utilizing strong passwords and two-factor authentication. Albeit, in cases such as these, there’s little the end-user can do to stay safe, though these actions can help mitigate any damage.
Source: Krebs on Security | Credit card image via Shutterstock