The card skimming landscape continues to evolve as cybercriminals learn new techniques to avoid detection.
Online shoppers, Beware!
• Unaware online shoppers may visit a site that has been affected with a web skimmer and make purchases, while unintentionally handing over their payment details to criminals.
• Skimming codes are inserted seamlessly within the shopping sites and only those equipped with proper networking tools or a keen eye for tiny details can notice any malicious activity.
• The skimmers become active on payment pages and stealthily exfiltrate personal and financial data entered by the customers.
A pack of new tricks
• Skimmers are looking for input-field names on webpages to perform data exfiltration. They are using communication services for the exfiltration, which is triggered when the browser’s current URL has a keyword showing signs of a shopping website and when the users validate their purchases.
Recent skimming attacks
• The third-largest global music recording company, Warner Music Group (WMG), disclosed a data breach showing signs of a Magecart attack. Reportedly, WMG’s multiple e-commerce websites—hosted and supported by an external service provider—were compromised, enabling hackers to steal customers’ personal information entered into those sites.
• In a recent attack, Magecart credit card skimmers used Telegram as a channel for sending stolen credit card information back to its C2 servers. They exfiltrated the payment details using Telegram’s API and posted them into a chat channel. By leveraging simple Base64 encoding, the skimmers encoded the bot ID, the channel, and the Telegram API request.
• The American Payroll Association (APA) reported a skimming attack in which hackers installed skimming malware on their website’s login page as well as the checkout section by abusing a vulnerability in their CMS. In the incident, attackers gained access to customers’ login credentials, personal information, and payment card details.
As always, organizations need to adapt best-of-breed tools and methodologies to keep pace with skimming attacks. Moreover, e-commerce vendors need to especially step up their game to thwart such cyberattacks and maintain the trust of their customers. Taking a proactive approach, security researchers and online merchants can collaboratively overcome skimming attacks.