Web Skimming Attacks On Hundreds Of Real Estate Websites Deployed Through Cloud Video Hosting Service
Jessica Haworth January 05, 2022 at 14:56 UTC
Updated: January 05, 2022 at 14:57 UTC
Attackers exploit software supply chain to compromise high traffic sites
Web skimming attacks have targeted hundreds of real estate websites through a cloud-based video hosting service, researchers have warned.
A blog post from Unit 42, the research arm of Palo Alto Networks, revealed how attackers use the service to conduct a supply chain attack to inject card-skimming malware into victims’ sites.
Web skimming attacks occur when a malicious script is injected into sites to steal information entered into web forms.
For example, an online reservation form may request the personal data and payment information of a website user. If this site were vulnerable to skimming attacks, malicious actors could intercept the data.
The Unit 42 blog post reads: “Recently we discovered a supply chain attack exploiting a cloud video platform to distribute skimmer campaigns (also known as ‘formjacking’).”
In this specific case, the user uploaded a script that could be edited upstream to include malicious content.
The post reads: “We infer that the attacker modified the static script at its hosted location by attaching a skimmer code. On the next player update, the video platform re-ingested the compromised file and served it with the affected player.
“From the analysis of the code, we know that the skimmer snippet tries to collect sensitive information about the victims such as names, emails, phone numbers and send them to a collection server, https://cdn-imgcloud[.]com/img, which is also marked as malicious in VirusTotal.”
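One defensive check against the kind of upstream modification described above, as an added example that is not from the Unit 42 post or this article: pin a reviewed third-party script to a Subresource Integrity (SRI) digest and re-verify each copy that is served. The script bodies are constructed samples, the function names are hypothetical, and failing closed on an empty pin is a choice made for this example.

```javascript
const crypto = require("node:crypto");

// Weakest to strongest; only the strongest algorithm in a pin is checked.
const ALGORITHMS = ["sha256", "sha384", "sha512"];

// Build an SRI token ("sha384-<base64>") for a reviewed script body.
function sriFor(body, algorithm = "sha384") {
  const digest = crypto.createHash(algorithm).update(body).digest("base64");
  return `${algorithm}-${digest}`;
}

// Parse an integrity value into {algorithm, digest} entries, dropping
// malformed tokens, unknown algorithms and any "?options" suffix.
function parseIntegrity(value) {
  return value.trim().split(/\s+/).map((token) => {
    const expr = token.split("?")[0];
    const dash = expr.indexOf("-");
    if (dash < 1 || dash === expr.length - 1) return null;
    return { algorithm: expr.slice(0, dash), digest: expr.slice(dash + 1) };
  }).filter((e) => e !== null && ALGORITHMS.includes(e.algorithm));
}

// True only if the body matches a pinned digest of the strongest algorithm
// listed. Assumption of this example: an empty or unusable pin fails closed.
function verifyScript(body, integrity) {
  const entries = parseIntegrity(integrity);
  if (entries.length === 0) return false;
  const strongest = entries
    .map((e) => e.algorithm)
    .sort((a, b) => ALGORITHMS.indexOf(b) - ALGORITHMS.indexOf(a))[0];
  const actual = crypto.createHash(strongest).update(body).digest();
  return entries.some((e) => {
    if (e.algorithm !== strongest) return false;
    const pinned = Buffer.from(e.digest, "base64");
    return pinned.length === actual.length &&
      crypto.timingSafeEqual(pinned, actual);
  });
}

// Constructed sample data: a reviewed player script and the same file with
// extra content appended upstream (a harmless stand-in comment).
const REVIEWED = 'function initPlayer(el) { el.dataset.ready = "1"; }\n';
const MODIFIED = REVIEWED + "/* constructed stand-in for appended code */\n";
const PIN = sriFor(REVIEWED);

console.log("reviewed copy passes:", verifyScript(REVIEWED, PIN));
console.log("modified copy passes:", verifyScript(MODIFIED, PIN));
```

The same token is what a page places in a script tag's `integrity` attribute, so a browser refuses a copy whose digest no longer matches the reviewed one.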
Closing the backdoor
The websites in question were all owned by the same parent company, which has not been named.
Researchers at Unit 42 said they informed the organization and helped them remove the malware.
The blog post contains more technical information on the operation of the skimmer.
Trevor Morgan, Product Manager at comforte AG, commented, “As these types of attacks continue to evolve in sophistication and intelligence, companies must remain focused on what matters most: developing a defensive strategy that incorporates more perimeter-based security, assume that cloud-based services are inherently secure without due diligence, and prioritize emerging data-centric security methods such as tokenization and format-preserving encryption, which can apply protections directly to sensitive data sought by threat actors.
“Tokenizing data as soon as it enters your business workflows means that business applications and users can continue to work with that information in a protected state, but more importantly, if the wrong people get hold of it, either inadvertently or through coordinated attacks like this one, sensitive information remains obscured so that threat actors cannot exploit it for profit.”