Cybersecurity Insights | Blog | Foregenix

eCommerce Cyber ThreatScape - June 2023

Written by Benjamin Hosack | 6/7/23 5:02 AM

Our ThreatView global threat assessment results for June 2023 are in with a couple of notable results:

  • 126% growth in malware detected since the start of the year - we're seeing hacked sites with multiple types of malware competing to steal their customer data.  In reality, they have been hacked by multiple criminal actors/organisations. #riddledwithmalware
  • 10% growth in hacked sites - globally -  with over 11,000 eCommerce card skimmers and loaders identified across 8,587 websites.
  • 82% increase in Shopify sites with card skimming malware compromises.

Here's the link to the report - no email/personal info required - just a simple download.

 

How do we produce this data?

Over a decade ago, we started to see an uptick in the numbers of eCommerce businesses getting hacked and having their customer payment data stolen - our forensic team had previously been assisting restaurant chains, brick and mortar retailers, payment processing companies, banks - you name the different players in the payments ecosystem - the attacks were diverse and generally large-scale attacks and compromises.

That all began to change over a decade ago - the cyber criminal focus shifted to the much easier, rapidly growing eCommerce sector.

As one of the more active forensic practices in the industry, we noticed this change - the victims were generally small to medium sized eCommerce businesses.  In our efforts to help these businesses regain control and defend themselves going forward, we came upon the realisation that there was no simple solution for this market to protect them from cyber attack - everything available on the market was focused on the BIG eCommerce organisations and was far too costly for the small to medium sized business.

We built our technology to protect these small to medium sized online businesses - not only does it protect the websites, but also enables us to do rapid forensic analysis of hacked websites to help these organisations get back online and doing business quickly and safely.

As we helped more and more businesses, we identified new website malware variants, skimmers, loaders and all sorts of "backdoors" being used to evade normal threat detection, Google blacklists etc. 

With every new malware finding, we fingerprint the malware and then deploy to our website security  technology to detect at scale around the world - and to protect our clients.

We've continued doing this for the last decade and now have - arguably - one of the most comprehensive eCommerce threat detection databases available globally.  You could say we have become specialists.

We've made this threat dataset available to the community via our ThreatView solution - we have a free, Community edition that provides websites with the absolutely latest threat detection capability from our forensic team.  For free.  An automated and on-demand website security scan using the latest threat detection capability in the industry.

Here's a link to our ThreatView Community service: www.foregenix.com/threatview

The threat monitoring we provide eCommerce businesses is specialist and focused on eCommerce threats - and is available for any eCommerce business to use for free.


We use this dataset to monitor the security and threat status of over 12 million websites around the world every 2 weeks - and we release a high level report every month.

In addition to assisting eCommerce businesses, we also help organisations that work with portfolios of eCommerce sites to proactively monitor their clients for threats - never has the saying "a stitch in time saves nine" been more relevant in identifying threats proactively and intervening before the threats become costly data compromises and very disruptive to the business.