The move to target the databases and programs that power online shops is a significant change in tactics.
In one case, an attacker got hold of a PC maker's entire customer list and sent everyone on it a nasty note.
"It's kind of like an arms race. It's the next logical step to go after the application itself," said Rob Straight from software firm Compuware.
"There are a lot of people that spend their time and energy to think of ways to break into applications maybe for fun and maybe for profit," he said.
Businesses connected to the net, and especially those that run online shops, are used to defeating all kinds of attacks. On a daily basis they have to cope with attempts to exploit known vulnerabilities as well as viruses and worms that try to slip through security software.
Evidence for just how new this is can be seen in the latest list of the Top 20 most vulnerable programs released in early May by the Sans Institute.
For the first time this list included such things as media players, anti-virus programs, web browsers and databases.
Vulnerabilities in browsers and media players are proving popular with the malicious hackers, said Gerhard Eschelbeck, chief technology officer at security firm Qualys and a Sans contributor.
Web shops and online banks were seeing far more attempts to inject working computer code into the databases and applications behind the scenes of many websites, said Donal Casey, spokesman for Diagonal Security.
Some attackers try to enter database commands into such fields just to see what happens. In such cases "unpredictable results" could see those commands executed and a database seriously compromised, said Mr Straight.
Attackers could end up with a store's entire customer list, including credit card numbers and bank account details.
Full Story .