What happened recently?
• In late August 2020, Visa Payment Fraud Disruption (PFD) reported seven C2 servers hosting the Baka skimmer.
• The skimming kit has regular basic skimming features such as data exfiltration using image requests and configurable target form fields, along with a unique obfuscation method and loader.
Recent skimmer attacks
Magecart and other digital skimming attacks have been causing significant brand damage by stealing customers’ credit card numbers from websites or checkout pages.
• This month, Magecart hackers compromised a number of US-based online stores managed by Warner Music.
• Moreover, a variant of the Magecart credit card skimmer was found using Telegram Messenger to collect and transmit the information from data harvesting scripts.
• In August, American Payroll Association suffered a skimming cyberattack.
• In the same month, Magecart attackers were using homoglyph techniques to fool users into visiting malicious websites in a credit card skimming campaign.
Visa has been alerting member financial institutions, e-commerce merchants, service providers, third-party vendors, system integrators, and resellers to prevent such threats from causing security breaches. Organizations should protect their e-commerce environments by utilizing trsuted Content Delivery Networks (CDNs), web application firewall, content security policy (CSP), and other security measures. They should apply the latest security patches for their deployed content management systems (CMSes) and e-commerce frameworks.