Consumers have ramped up their online usage, and with brick and mortar stores temporarily out of reach, ecommerce has become a lifeline. This shift to digital platforms for payment has widened the playing field for cyber criminals, and digital skimming of payment cards is on the rise.
During the pandemic, the PCI Security Standards Council (PCI SSC) and the US Chamber of Commerce shared guidance on protecting against digital skimmers, reflecting the evolved threat landscape and the rise in online skimming attacks. The following segments outline the key points:
COVID-19 Crisis: Newly evolved threats online
Online activity has risen drastically due to the lockdown. With people spending hours on social and ecommerce sites, cybercriminals have a much wider reach. Phishing and scam incidents have increased in both sophistication and volume.
What and Why of Digital Skimming
Digital skimmers are threat actors who inject malicious code (JavaScript sniffers) into legitimate websites to capture payment data. Once a website is infected, payment card information is skimmed during the transaction without the merchant or the consumer being aware; the checkout itself still completes normally, so there is no error to notice.
These attacks are grouped under the Magecart umbrella, a term used by security professionals and researchers for the collection of threat groups responsible for online skimming.
"Ecommerce crime spikes whenever there is an event that forces or entices people to perform more online transactions," says Yonathan Klijnsma, Head of Threat Research, RiskIQ.
How do Digital Skimming Attacks work?
Attackers gain access to ecommerce websites, or to the third-party software libraries those websites load, by exploiting vulnerable plugins, by credential stuffing, and by phishing and other social engineering, and then inject the malicious code. Because a compromised third-party script runs in every page that embeds it, service providers who do not focus on security and potential threats create risk for all of their customers, often without being aware of it.
The code executes when a victim submits payment details during checkout. Depending on the target, the attackers gather billing address, name, email, phone number, card details, username and password. The code then records the stolen data, either locally on the compromised server for later pickup or remotely to a server controlled by the attacker.
How severely does this affect small merchants and businesses?
Small merchants and service providers often lack sufficient security controls and are therefore at the greatest risk from these attacks. During the crisis, many small businesses have moved online hastily to remain operational, at times relying on technologies they have not evaluated. With reduced staff and without a large IT infrastructure, they are more susceptible to such attacks.
Previous data breach reports show that small businesses make up a large share of the organizations affected by cyber attacks. During the pandemic, registrations of COVID-19 themed domains have increased dramatically, and many of these domains are used as platforms to launch phishing campaigns and spread malware.
Digital Skimming: Who's most vulnerable?
Any ecommerce service provider or implementation without sufficient controls in place offers its platform as a playing field for digital skimmers. Insecure third-party service providers, and the libraries and APIs a website loads from them, are a major risk, since compromising one supplier injects code into every site that embeds it. Attackers keep evolving their attacks and customize their code to the weaknesses of each target.
Security checks and controls need to be as persistent as the threats. Magecart-infected stores have been reported to be re-infected shortly after being assessed and cleaned. Hence it is essential not only that systems are cleaned but also that the vulnerabilities used to plant the code are patched or mitigated; removing the injected script alone leaves the way back in open.
Best practices: How can we remain secure?
Remaining secure requires both detecting and preventing these threats. Some detection methods are listed below:
- Use vulnerability assessment tools to test web applications for weaknesses
- Use file-integrity monitoring or change-detection software on the web root and its scripts
- Perform internal and external network vulnerability scans
- Perform periodic penetration testing to identify security weaknesses
Prevention of Digital Skimming:
- Implement malware protection and keep up to date
- Restrict access to payment data and supporting environments to only what is necessary and deny all other access by default
- Ensure that security responsibilities shared with third parties are well understood and agreed
- Use strong authentication for all access to system components