Palo Alto Networks Warns of Massive Web Skimmer Attacks

Written by Emma Davis

Researchers from cybersecurity company Palo Alto Networks warn of software supply chain attacks aimed at compromising high-traffic websites.

Cybercriminals planted a malicious script (a skimmer) on real estate websites to steal data entered by visitors. To carry out the supply chain attack, they abused a cloud-based video hosting platform.

Experts at Unit 42, the research arm of Palo Alto Networks, reported in a blog post that attackers are injecting malicious JavaScript code into videos. Then, when the video is imported to other sites, the skimmer code is embedded in those sites as well, infecting them.

Skimmer attacks, also called formjacking, are a type of cyberattack in which attackers inject malicious JavaScript into a target website, most often on checkout or payment pages on shopping and e-commerce portals, to collect valuable information such as credit card information entered by users.

For example, an online booking form may ask a website user for personal data and billing information. If the site were vulnerable to skimming attacks, attackers could intercept that data.

“We infer that the attacker altered the static script at its hosted location by attaching skimmer code. Upon the next player update, the video platform re-ingested the compromised file and served it along with the impacted player. From the code analysis, we know the skimmer snippet is trying to gather victims’ sensitive information such as names, emails, phone numbers, and send them to a collection server, https://cdn-imgcloud[.]com/img, which is also marked as malicious in VirusTotal,” Unit 42 experts said of one of the infection cases.

In total, Unit 42 researchers reportedly found more than 100 web resources compromised by the campaign.

All websites in question were owned by the same parent company, whose name was not disclosed. Unit 42 researchers briefed the organization and helped remove the malware.
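One way a site operator could catch the kind of change described above, where a hosted player script gains appended code, shown as an added example that is not from Unit 42 or the original article: pin a digest of the reviewed script and flag any hosts the served copy newly references. The function names, sample scripts and example.* domains are constructed for illustration.

```javascript
// Added example: audit a third-party player script against a reviewed baseline.
const { createHash } = require("node:crypto");

// SRI-style digest, the format used in <script integrity="sha384-...">.
function sriDigest(body) {
  return "sha384-" + createHash("sha384").update(body, "utf8").digest("base64");
}

// Hostnames of absolute or protocol-relative URLs found in the script text.
// Heuristic: a plain text scan misses hosts that are built or decoded at runtime.
function referencedHosts(body) {
  const hosts = new Set();
  for (const m of body.matchAll(/(?:https?:)?\/\/([a-z0-9-]+(?:\.[a-z0-9-]+)+)/gi)) {
    hosts.add(m[1].toLowerCase());
  }
  return hosts;
}

// Compare the copy being served now with the baseline recorded at review time.
function auditScript(baseline, served, allowedHosts = []) {
  const changed = sriDigest(served) !== baseline.integrity;
  const known = new Set([...baseline.hosts, ...allowedHosts]);
  const newHosts = [...referencedHosts(served)].filter((h) => !known.has(h)).sort();
  let alert = "none";
  if (changed) alert = newHosts.length > 0 ? "high" : "review";
  return { changed, newHosts, alert };
}

// Constructed sample input: a reviewed player script, and the same script with
// extra code appended that references a host never seen at review time.
const reviewedPlayer = 'function initPlayer(el){el.src="https://video.example.com/stream/42";}';
const servedPlayer = reviewedPlayer + ';var c="https://img-collect.example.net/img";';
const baseline = { integrity: sriDigest(reviewedPlayer), hosts: referencedHosts(reviewedPlayer) };

console.log(auditScript(baseline, reviewedPlayer));
console.log(auditScript(baseline, servedPlayer));
```

When a script is loaded from a fixed URL, the same digest can be placed in the `integrity` attribute of the `<script>` tag so the browser refuses a modified copy.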

As these types of attacks continue to evolve, becoming more sophisticated and intelligent, Palo Alto Networks advises enterprises to focus on the basics: develop a defence strategy that includes more than just perimeter-based security, do not assume that cloud services are inherently secure without due diligence, and prioritize new data-centric security techniques such as tokenization and format-preserving encryption that can apply protection directly to the sensitive data that attackers hunt.

You may also be interested to know that Attackers use Google Analytics for web skimming, and also that Attackers abusing Google Apps Script to steal bank card details.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
