Situatie
Solutie
Also known as digital skimming, web skimming, online skimming, formjacking malware, or a magecart attack, e-skimming is a major cybersecurity concern for financial institutions and their vendors, including retailers, plus any other company that processes payment information on their behalf, such as an entertainment or travel company.
E-skimmers drive customers to a domain controlled by a fraudster that looks and feels like a legitimate checkout page, and then utilize e-skimming to steal data during a purchase. The impact of an e-skimming attack includes the breach of sensitive customer information, loss of profits due to a drop in customer trust, and issues with regulator and privacy compliance that may affect your organization’s ability to do business.
A digital version of shimmers and skimmers, e-skimmers are lines of malicious code that a threat actor injects into a website, which steals data from HTML fields, including credit card data and other credentials.
How e-skimming code is introduced
Malicious e-skimming code can be introduced in several ways:
- Through the exploitation of a vulnerability in an ecommerce website’s payment platform
- By using phishing emails to enter a victim’s network or a brute force attack of administrative credentials
- Attacking a third-party or supply chain entity and hiding skimming code in the JavaScript that is loaded by the third-party onto the victim’s site
- Cross-site scripting to discreetly redirect victims to a malicious domain that can capture their PII during payment processing
Recommended reading: ‘Inside Magecart’ Exposes the Operation Behind the Web’s Biggest E-Commerce Scourge
Where there is payment information, there is the potential for an e-skimming attack, and threat actors are always on the lookout for organizations with vulnerabilities that they can target. There are several warning signs that your company may be getting attacked that your security team should look for, including:
- Multiple customer complaints of fraudulent activity that is being traced back to purchases from your site
- Edits to your JavaScript code that may indicate an unauthorized party has been tampering with it
- Identification of a new domain that is not registered by your organization, which signals that customers are potentially being redirected to a malicious site
E-Skimming Response
If your organization falls victim to an e-skimming attack, it is important to have a plan in place that lets your security teams take action swiftly and stop it from furthering its damage.
- Identify the source of the skimming code and use this information to determine its access point (third-party, network, etc.)
- Save a copy of the malicious code or domain to give to law enforcement
- Change credentials that may have been stolen and exploited during the attack
- Report the attack to law enforcement and the IC3 for documentation
Minimizing your risk
There are steps your organization can take to prevent e-skimming attacks and protect customers from their impact. The following best practices should be put in place to keep your data and infrastructure secure.
- Regularly update payment software and promptly install patches from payment vendors that address potential security vulnerabilities
- Implement code integrity checks that alert you if system files have signs of corruption or malware
- Use and update antivirus software
- Continuously monitor and confirm that you are Payment Card Industry Data Security Standard (PCI DSS) compliant
- Prioritize a strong threat intelligence program that alerts you if your organization is mentioned within illicit communities.
Leave A Comment?