Research by Kaspersky shows how hackers use Google Analytics to steal credit card information. We explain the measures you can take to protect your website and avoid any problems that may arise.
Kaspersky’s researchers published a new blog post on June 24, explaining how hackers are using Google Analytics to steal credit card information. As you probably know, Google Analytics is one of the most popular tracking tools for marketers. The purpose of this article is to discuss their discovery. We also want to raise awareness of website security and of ways to strengthen our solutions further.
According to Kaspersky’s blog, crooks inject malicious code into pages with vulnerabilities. Then they steal the administrator’s password using a brute force attack. They can also use plugins or third-party resources to access the source code. If you have forms on your website that do not escape certain types of data or do not filter certain information, attackers can also use them as a gateway to access your system. Once they can inject malicious code, they will find a way to save all user activity on the site, including credit card information and personal data. They then manage to steal credit card information by exploiting the trust placed in Google Analytics.
Many anti-virus companies like Kaspersky or Norton develop solutions based on the Content Security Policy (CSP), which lists all the services authorized to collect certain personal data on a user’s browser. So, if a user has an anti-virus and the malicious code tries to collect data, it will be blocked automatically. In other words, if any trustworthy code or script passes the anti-virus check, then it will collect data safely.
Google Analytics is one of the most popular tools for marketers. Many website owners blindly trust its security when using it on their site. Obviously, Google Analytics is on the list of trustworthy services. This is why hackers take the opportunity to gain information about users.
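The point of the two paragraphs above, as an added example that is not from Kaspersky's write-up or from this article's authors: a CSP allowlist names hosts, not Google Analytics accounts, so a policy that trusts the Google Analytics host cannot tell the site's own property from an unfamiliar one. The sketch audits page source for tracking IDs the owner does not recognise; the function names, the IDs and the policy string are all constructed for illustration.

```javascript
// Added example: all inputs below are constructed; function names are hypothetical.
const SAMPLE_CSP = "default-src 'self'; script-src 'self' https://www.google-analytics.com; " +
  "connect-src 'self' https://www.google-analytics.com; img-src 'self' *.google-analytics.com";
const SAMPLE_PAGE = `
<script>ga('create', 'UA-1111111-1', 'auto');</script>
<script>ga('create', 'UA-2222222-9', 'auto', 'second');</script>`;

// Parse a Content-Security-Policy value into { directive: [sources] }.
// If a directive is repeated, the first occurrence wins, as browsers do.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Would the policy let the page send requests to `host` under `directive`?
// Simplified matching: ignores ports and paths; falls back to default-src.
function cspAllowsHost(policy, directive, host) {
  const sources = policy[directive] ?? policy['default-src'];
  if (!sources) return true; // nothing restricts this request type
  return sources.some((src) => {
    const s = src.toLowerCase().replace(/^https?:\/\//, '').replace(/\/.*$/, '');
    if (s === '*' || s === 'https:') return true;
    return s.startsWith('*.') ? host.endsWith(s.slice(1)) : s === host;
  });
}

// Collect Universal Analytics (UA-...) and GA4 (G-...) IDs found in page source.
function findAnalyticsIds(source) {
  const ids = source.match(/\b(?:UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{6,12})\b/g) || [];
  return [...new Set(ids)];
}

// Report IDs the owner does not recognise, and whether CSP would stop the requests.
function auditPage(source, cspHeader, ownedIds) {
  const policy = parseCsp(cspHeader);
  const host = 'www.google-analytics.com';
  const unknownIds = findAnalyticsIds(source).filter((id) => !ownedIds.includes(id));
  const cspWouldBlock = ['connect-src', 'img-src']
    .every((d) => !cspAllowsHost(policy, d, host));
  return { unknownIds, cspWouldBlock };
}

console.log(auditPage(SAMPLE_PAGE, SAMPLE_CSP, ['UA-1111111-1']));
```

An unrecognised ID is a prompt to review where that script came from, not proof of compromise: a second legitimate property or a plugin's own tracker produces the same result.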
The purpose of this article is not to convince you not to use Google Analytics. Until proven otherwise, the values and data derived from Google Analytics software support some companies. However, you should never trust a tool 100% to keep your customers’ credit card information secure. Here are some steps you can take to avoid putting your customer data at risk.
If you have a website that requires users to create an account, forcing users to create only hard-to-guess passwords can help in some cases. For example, you can ask them to combine special characters, character strings, and alphanumeric values.
Many businesses use two-factor authentication or phone number validation to combat password guessing. The idea is to ask a user to provide an additional way to log into their account. For example, after entering the password, the user will receive an SMS with an additional code to enter with the validation of the phone number.
There are great tools like WordPress, Drupal or Joomla that will help you build a website quickly. One of these tools’ downsides is that people rely too much on plugins or third-party resources to run their business. As a result, they have less control over their data. That said, if you can limit the number of third-party resources or do some proper research on the plugins you use, it may help.
If you have a particular solution for your website, taking the time to apply the updates can help. The website development communities work daily to improve solutions. More often than not, the new version will be accompanied by fixes to address certain vulnerabilities. Thus, failure to update your websites will lead to significant losses in the short or long term.
Another well-known entry point for hackers is website forms. You should be careful with all the data you receive from the site forms. Here are some of the approaches we typically use to protect customer sites and credit card information:
When you manage your website daily, you cannot trust all the activity on your server. If you scan your site regularly, you will be able to detect malicious code on your site. There are many tools you can use for this purpose. Some of them are:
There are many measures you can take to protect your site and customer credit card information. Below are some other measures:
As we can see from this article, we cannot claim to have a completely secure website. For example, as long as we are using third-party resources or not monitoring a site 24/7, we will still face vulnerabilities. However, as website owners, everyone can make sure to apply best practices to avoid some obvious weaknesses.
How likely are you to trust certain giants with your data? Will you trust them 100% assuming they are always reliable?
Thanks for reading our article. If you need help improving your website’s security, you can contact us.