All information about E-skimming Fraud alert

Configurare noua (How To)

Situatie

Solutie

Digital Skimming refers to attacks that infect e-commerce sites with ‘sniffers’, a malicious code that can is also referred to as Javascript (JS) sniffers. These codes are very difficult to detect, meaning there will be no trace of their existence until it’s too late. Once a website is infected, card information is “skimmed” during a transaction unbeknown to either the merchant or customer that their information is being compromised.
 
A term that is commonly associated with these types of threats and attacks is Magecart. Magecart is an umbrella term used by some security researchers to describe the hackers or groups of hackers responsible for carrying out these attacks. Magecart has been active since 2015, and are continuously evolving in an attempt to get the better of advancing technology. Magecart has been responsible for several high-profile attacks on international organizations including British Airways.
 
Stratica is a PCI Forensic Investigator and one of only 20 firms authorised by the card brands via the PCI Council. We are the only Australia-based PCI FI. We undertook our first Magecart investigation in 2014. Since then, the number of investigations each year has grown exponentially.
How To Detect Threats Before They Can Cause Damage
In order to properly detect these threats, there are many tools available, including vulnerability security assessment tools that will test web applications for potential weaknesses. Also required are File-integrity monitoring or change-detection software and performing internal and external network vulnerability scans and period penetration testing to identify security weaknesses. 
 
How To Stop Them Happening In The First Place
 
The best practice for stopping digital skimmers from being able to break into your site includes regularly patching operating systems and software with the latest security updates. It is important to implement some form of malware protection and keep it up to date while also putting in place security patches for all software used. In order to tighten security further, access should be restricted to what is only absolutely needed with all other website access denied by default to avoid a costly error being made. Strong authentication for access to the website’s system components is also a must. This means multi-factor authentication, not just simple passwords that are easy to guess!
 
With a sound knowledge of how Digital Skimming occurs and how it can be prevented, e-commerce companies are better placed to stay one step ahead of the Magecart and give customers the security guarantee they deserve. However, if you are breached you know who to call. It is always best to ring rather than email us as your mail system may also be compromised. Why warn the cyber criminals that they have been discovered?

Also known as digital skimming, web skimming, online skimming, formjacking malware, or a magecart attack, e-skimming is a major cybersecurity concern for financial institutions and their vendors, including retailers, plus any other company that processes payment information on their behalf, such as an entertainment or travel company.

E-skimmers drive customers to a domain controlled by a fraudster that looks and feels like a legitimate checkout page, and then utilize e-skimming to steal data during a purchase. The impact of an e-skimming attack includes the breach of sensitive customer information, loss of profits due to a drop in customer trust, and issues with regulator and privacy compliance that may affect your organization’s ability to do business.

A digital version of shimmers and skimmers, e-skimmers are lines of malicious code that a threat actor injects into a website, which steals data from HTML fields, including credit card data and other credentials.

How e-skimming code is introduced

Malicious e-skimming code can be introduced in several ways:

  • Through the exploitation of a vulnerability in an ecommerce website’s payment platform
  • By using phishing emails to enter a victim’s network or a brute force attack of administrative credentials
  • Attacking a third-party or supply chain entity and hiding skimming code in the JavaScript that is loaded by the third-party onto the victim’s site
  • Cross-site scripting to discreetly redirect victims to a malicious domain that can capture their PII during payment processing

Recommended reading: ‘Inside Magecart’ Exposes the Operation Behind the Web’s Biggest E-Commerce Scourge

Where there is payment information, there is the potential for an e-skimming attack, and threat actors are always on the lookout for organizations with vulnerabilities that they can target. There are several warning signs that your company may be getting attacked that your security team should look for, including:

  • Multiple customer complaints of fraudulent activity that is being traced back to purchases from your site
  • Edits to your JavaScript code that may indicate an unauthorized party has been tampering with it
  • Identification of a new domain that is not registered by your organization, which signals that customers are potentially being redirected to a malicious site
E-Skimming Response

If your organization falls victim to an e-skimming attack, it is important to have a plan in place that lets your security teams take action swiftly and stop it from furthering its damage.

  • Identify the source of the skimming code and use this information to determine its access point (third-party, network, etc.)
  • Save a copy of the malicious code or domain to give to law enforcement
  • Change credentials that may have been stolen and exploited during the attack
  • Report the attack to law enforcement and the IC3 for documentation

Minimizing your risk

There are steps your organization can take to prevent e-skimming attacks and protect customers from their impact. The following best practices should be put in place to keep your data and infrastructure secure.

  • Regularly update payment software and promptly install patches from payment vendors that address potential security vulnerabilities
  • Implement code integrity checks that alert you if system files have signs of corruption or malware
  • Use and update antivirus software
  • Continuously monitor and confirm that you are Payment Card Industry Data Security Standard (PCI DSS) compliant
  • Prioritize a strong threat intelligence program that alerts you if your organization is mentioned within illicit communities.

Tip solutie

Permanent

Voteaza

(6 din 10 persoane apreciaza acest articol)

Despre Autor

Leave A Comment?