Researchers from cybersecurity company Palo Alto Networks warn that cyberattacks are launched on the supply chain of software to hack sites with high traffic.
On real estate websites, cybercriminals place a malicious script (skimmer) that steals data entered by visitors. In cyberattacks on supply chains, cybercriminals use cloud-based video hosting.Experts at Unit 42, a research arm of Palo Alto Networks, reported in a blog post that attackers are injecting malicious JavaScript code into videos. Then, when the video is imported to other sites, the skimmer codes are embedded in those sites, infecting them.
Skimmer attacks, also called formjacking, are a type of cyberattack in which attackers inject malicious JavaScript into a target website, most often on checkout or payment pages on shopping and e-commerce portals, to collect valuable information such as credit card information entered by users.
For example, an online booking form may ask for the personal data of a website user and billing information. If this site was vulnerable to skimming attacks, attackers could intercept the data.
In total, Unit42 researchers reportedly found more than 100 web resources compromised by the campaign.
All websites in question were owned by the same parent company, whose name was not disclosed. Unit 42 researchers briefed the organization and helped remove the malware.
As these types of attacks continue to evolve, becoming more sophisticated and intelligent, Palo Alto Networks invites enterprises to focus on the basics: develop a defence strategy that includes more than just perimeter-based security. assume that cloud services are inherently secure without due diligence, and prioritize new data-centric security techniques such as tokenization and format-preserving encryption that can apply protection directly to sensitive data that attackers hunt.
You may also be interested to know that Attackers use Google Analytics for web skimming, and also that Attackers abusing Google Apps Script to steal bank card details.