With the help of Shopping Cart Inspect, SecurityMetrics Forensic Analysts review businesses’ rendered webpage code on their shopping cart URL to collect evidence of a skimming attack.
Trends from 2023 SecurityMetrics Shopping Cart Inspect Investigations
92.4% of Shopping Cart Inspect reviews identified malicious, suspicious, and/or concerning issues on researched ecommerce sites.
% of Ecommerce Sites Had the Following Issues
7.4% of inspected ecommerce sites had malicious issues.
80.2% of inspected ecommerce sites had suspicious issues.
53.5% of inspected ecommerce sites had concerning issues.
2.44 issues: Average number of issues identified in a Shopping Cart Inspect review.
% of Issues Discovered
3.70% of issues discovered were malicious
68.26% of issues were suspicious
28.04% of issues were concerning
Malicious: Evidence of card data being stolen. (Highest threat level)
Suspicious: Identified issues increase the probability of a potential exploit. (Medium threat level)
Concerning: Unlikely method of being breached, but identified issues could lead to a potential exploit. (Low threat level)
Top 5 Malicious Issues Found
Malicious Double Checkout: Double post of credit card data returning to alternate checkout page on merchant's server.
Malicious Post: A script is running with a post of data to a known bad site.
Malicious Javascript: JavaScript appears to be acting in a malicious manner, such as harvesting credit cards or other sensitive data.
Form Jacking: Authorized payment webform is being replaced by a counterfeit.
Directory Browsing Enabled: Directory Browsing is enabled on the web pages analyzed.
Top 5 Suspicious Issues Found
Javascript issue: Out-of-date JavaScripts can lead to vulnerabilities available for future malicious attacks.
Ads/Business Intelligence: Advertising/Analytics content is being pulled into the pages being reviewed in the checkout environment. This can be a source of intermittent card/data loss due to drive-by malvertising.
Out-of-date CMS - Suspicious: Out-of-date web components. Unpatched or un-updated software is a leading cause of sites losing sensitive data.
Configuration Issue: Missing required web server security headers.
Suspicious double checkout: Double post of credit card data returning to merchant's checkout page on the server. This practice could impact security of the site and should be reviewed for business need.
Top 5 Concerning Issues Found
Configuration Vulnerability: A configuration item with a website or web server is not following best security practices.
Checkout Configuration Issue: The implementation of certain aspects of the checkout process may not follow best security practices and could leave merchants vulnerable to certain types of attacks.
Mixed HTTP/HTTPS: Content called via HTTP in an HTTPS environment, breaking strict SSL/TLS protocol. In severe cases, this can be exploited by bad actors to view privileged content.
HTTP Header Issue: Improperly configured HTTP headers can provide attackers with specific information about your web server setup, such as vulnerable software versions.
SPAM Watch: A domain has been flagged by the SPAM community, which could be using the email server to transmit malicious communications by bad actors.
Trends from 2022 SecurityMetrics Shopping Cart Inspect Investigations
92.4% of Shopping Cart Inspect reviews identified malicious, suspicious, and/or concerning issues on researched ecommerce sites.
% of Ecommerce Sites Had the Following Issues
7.4% of inspected ecommerce sites had malicious issues.
80.2% of inspected ecommerce sites had suspicious issues.
53.5% of inspected ecommerce sites had concerning issues.
2.44 issues: Average number of issues identified in a Shopping Cart Inspect review.
% of Issues Discovered
3.70% of issues discovered were malicious
68.26% of issues were suspicious
28.04% of issues were concerning
Malicious: Evidence of card data being stolen. (Highest threat level)
Suspicious: Identified issues increase the probability of a potential exploit. (Medium threat level)
Concerning: Unlikely method of being breached, but identified issues could lead to a potential exploit. (Low threat level)
Top 5 Malicious Issues Found
Malicious Double Checkout: Double post of credit card data returning to alternate checkout page on merchant's server.
Malicious Post: A script is running with a post of data to a known bad site.
Malicious Javascript: JavaScript appears to be acting in a malicious manner, such as harvesting credit cards or other sensitive data.
Form Jacking: Authorized payment webform is being replaced by a counterfeit.
Directory Browsing Enabled: Directory Browsing is enabled on the web pages analyzed.
Top 5 Suspicious Issues Found
Javascript issue: Out-of-date JavaScripts can lead to vulnerabilities available for future malicious attacks.
Ads/Business Intelligence: Advertising/Analytics content is being pulled into the pages being reviewed in the checkout environment. This can be a source of intermittent card/data loss due to drive-by malvertising.
Out-of-date CMS - Suspicious: Out-of-date web components. Unpatched or un-updated software is a leading cause of sites losing sensitive data.
Configuration Issue: Missing required web server security headers.
Suspicious double checkout: Double post of credit card data returning to merchant's checkout page on the server. This practice could impact security of the site and should be reviewed for business need.
Top 5 Concerning Issues Found
Configuration Vulnerability: A configuration item with a website or web server is not following best security practices.
Checkout Configuration Issue: The implementation of certain aspects of the checkout process may not follow best security practices and could leave merchants vulnerable to certain types of attacks.
Mixed HTTP/HTTPS: Content called via HTTP in an HTTPS environment, breaking strict SSL/TLS protocol. In severe cases, this can be exploited by bad actors to view privileged content.
HTTP Header Issue: Improperly configured HTTP headers can provide attackers with specific information about your web server setup, such as vulnerable software versions.
SPAM Watch: A domain has been flagged by the SPAM community, which could be using the email server to transmit malicious communications by bad actors.
Trends from 2021 SecurityMetrics Shopping Cart Inspect Investigations
88.89% of Shopping Cart Inspect reviews identified malicious, suspicious, and/or concerning issues on researched ecommerce sites.
25.3% of inspected ecommerce sites had malicious issues.
63.86% of inspected ecommerce sites had suspicious issues.
33.73% of inspected ecommerce sites had concerning issues.
1.88 issues: Average number of issues identified in a Shopping Cart Inspect review.
18.42% of issues discovered were malicious; 61.19% were suspicious; 20.39% were concerning.
Malicious: Evidence of card data being stolen. (Highest threat level)
Suspicious: Identified issues increase the probability of a potential exploit. (Medium threat level)
Concerning: Unlikely method of being breached, but identified issues could lead to a potential exploit. (Low threat level)
Top 5 Malicious Website Issues Found
Malicious Javascript: JavaScript appears to be acting in a malicious manner, such as harvesting credit cards or other sensitive data.
Malicious Post: A script is running with a post of data to a known bad site.
Form Jacking: Authorized payment webform is being replaced by a counterfeit.
Directory Browsing Enabled: Directory Browsing is enabled on the web pages analyzed.
Malicious Double Checkout: Double post of credit card data returning to alternate checkout page on merchant's server.
Top 5 Suspicious Website Issues Found
Javascript issue: Out of date JavaScripts can lead to vulnerabilities available for future malicious attacks.
Out of date CMS - Suspicious: Out-of-date web components. Unpatched or un-updated software is a leading cause of sites losing sensitive data.
Ads/Business Intelligence: Advertising/Analytics content is being pulled into the pages being reviewed in the checkout environment. This can be a source of intermittent card/data loss due to drive-by malvertising.
Configuration Issue: Missing required web server security headers.
iFrame Source Issue: iFrame source appears to be suspicious or improperly configured or protected. Attackers often change the iFrame source to point to malicious web forms. iFrame may be misconfigured, allowing cross-site scripting attacks.
Top 5 Concerning Website Issues Found
Configuration Vulnerability: A configuration item with a website or web server is not following best security practices.
Checkout Configuration Issue: The implementation of certain aspects of the checkout process may not follow best security practices and could leave merchants vulnerable to certain types of attacks.
Out of date CMS - Concerning: Out of date web components, which would be unlikely to lead to a breach of site security but should be updated.
HTTP Header Issue: Improperly configured HTTP headers can provide attackers with specific information about your web server setup, such as vulnerable software versions.
Mixed HTTP/HTTPS: Content called via HTTP in an HTTPS environment, breaking strict SSL/TLS protocol. In severe cases, this can be exploited by bad actors to view privileged content.
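An added example, not SecurityMetrics' Shopping Cart Inspect code: a Python checker that flags several of the issue types listed above (Configuration Issue, HTTP Header Issue, Mixed HTTP/HTTPS, Ads/Business Intelligence, iFrame Source Issue) from a rendered checkout page and its response headers, using the page's threat levels. The baseline header set, the host allowlist, the example.* hosts and every function name are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: baseline header set (the page lists none); labels reuse the page's issue names.
BASELINE_HEADERS = ("content-security-policy", "strict-transport-security", "x-content-type-options")
OFFSITE_ISSUE = {"form": "Form target off allowlist", "iframe": "iFrame Source Issue",
                 "script": "Third-party script (Ads/Business Intelligence)"}

class CheckoutScan(HTMLParser):
    """Walks rendered checkout HTML and records (level, issue, detail) findings."""
    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.origin, self.findings = urlparse(page_url), []
        self.allowed = set(allowed_hosts) | {self.origin.hostname}

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get("action" if tag == "form" else "src")
        if not url:
            return
        target = urlparse(url)
        if self.origin.scheme == "https" and target.scheme == "http":
            self.findings.append(("concerning", "Mixed HTTP/HTTPS", url))
        host = target.hostname  # None for relative URLs
        if tag in OFFSITE_ISSUE and host and host not in self.allowed:
            self.findings.append(("suspicious", OFFSITE_ISSUE[tag], url))

def check_headers(headers):
    h = {k.lower(): v for k, v in headers.items()}
    out = [("suspicious", "Configuration Issue", "missing " + n)
           for n in BASELINE_HEADERS if n not in h]
    for n in ("server", "x-powered-by"):  # a version number here discloses software
        if any(c.isdigit() for c in h.get(n, "")):
            out.append(("concerning", "HTTP Header Issue", n + ": " + h[n]))
    return out

def inspect_checkout(page_url, headers, html, allowed_hosts):
    scan = CheckoutScan(page_url, allowed_hosts)
    scan.feed(html)
    return check_headers(headers) + scan.findings

# Constructed sample response for a hypothetical shop at shop.example.com.
SAMPLE_HEADERS = {"Server": "Apache/2.4.1", "Strict-Transport-Security": "max-age=600"}
SAMPLE_HTML = """<script src="https://ads.example.net/t.js"></script>
<img src="http://shop.example.com/logo.png">
<iframe src="https://pay.example.com/card"></iframe>
<form action="https://cdn-pay.example.io/submit"></form>"""

if __name__ == "__main__":
    print(*inspect_checkout("https://shop.example.com/checkout", SAMPLE_HEADERS,
                            SAMPLE_HTML, {"pay.example.com"}), sep="\n")
```

A form or iframe target off the allowlist is a lead for analyst review; on its own it does not establish the Form Jacking finding described above.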