Home Ā» Supply Chain Web Skimming Attacks Hit Dozens of Sites
Phishing

Supply Chain Web Skimming Attacks Hit Dozens of Sites

by Infosecurity Magazine - Information Security & IT Security
written by Infosecurity Magazine - Information Security & IT Security 0 comment

A newly discovered web skimming campaign running for the past year has already compromised over 40 e-commerce sites, according to Jscrambler.

The JavaScript protection vendor revealed that ā€œGroup X,ā€ which exfiltrated card data to a server in Russia, used a novel supply-chain technique to compromise its victims.

ā€œThe cyber-criminals exploited a third-party JavaScript library called Cockpit, a free web marketing and analytics service that was discontinued in December 2014,ā€ it wrote.

ā€œThey acquired the domain name that hosted the library and used it to serve a skimming script via the same URL. By re-registering the defunct domain and configuring it to distribute malicious code, the attackers were able to compromise over 40 e-commerce websites.ā€

The vendor said itā€™s not uncommon for web owners to fail to remove deprecated libraries like this from their sites, leading to dead links that can be compromised. The problem lies with a lack of insight into third-party code and poor security practices, it added.

ā€œMost security teams donā€™t have visibility into this third-party code running on their website; they donā€™t know if itā€™s behaving as it should or misbehaving ā€“ whether accidentally or maliciously,ā€ Jscrambler argued.

ā€œThis security blind spot can create a false sense of confidence in your assessment of risk; itā€™s hard to measure what you canā€™t see.ā€

However, the vendor also admitted that some of the compromised sites may have been impacted due to the content management system or website generator service they were using, which automatically injected the third-party script into their pages. In that scenario, they may have been unable to remove the library from their site due to restricted permissions orĀ lack of knowledge, it said.

In fact, one of the impacted sites posted a notice on their payment page warning users of the skimmer, rather than removing it.

Jscrambler also found two other web skimming groups. One, dubbed ā€œGroup Y,ā€ used a similar skimmer to Group X but attacked websites directly with the aim of injecting a script into their homepage. The third, ā€œGroup Z,ā€ apparently used a slightly modified script and server structure in its attacks.

Source: Read More

You may also like

Check Point Software: “2022 Saw A Huge Rise In Cyberattacks”

[INFOGRAPHIC] PhishER by the Numbers

How AI chatbot ChatGPT changes the phishing game

Learning Series: Command Injection Attack

“2FA brute force attack”walkthrough from Web security academy.

Comprehensive password guessing order for unthrottled online attack

Leave a Comment

CyberNonStop

Cybernonstop is created to bring news and knowledge through articles to visitors.

Do not forget to subscribe.

  • 3033 Ogden Ave. Suite 113, Lisle IL USA
  • Email: nonstop@cybernonstop.com

About Links

Useful Links

Laest News

Check Point Software: “2022 Saw A Huge Rise In Cyberattacks”
[INFOGRAPHIC] PhishER by the Numbers
Avast releases free BianLian ransomware decryptor
Interview with Mallox ransomware group

@2021 – All Right Reserved. Designed and Developed by PenciDesign

Facebook Twitter Instagram Linkedin Youtube Email
Close