FBI warns small and medium-sized businesses and government agencies to protect against E-skimming attacks. The attack focuses on e-commerce websites.
With the E-skimming attacks, an attacker could inject malicious codes into the website that harvests the credit or debit card data or personally identifiable information (PII).
The attack impacted e-commerce companies in the retail, entertainment, and travel industries as well as utility companies and third-party vendors.
Attackers can inject malicious code by exploiting a vulnerability in an e-commerce platform or by gaining access to the victim’s network through a phishing email.
The attack also comes through third-party plugins and supply chains of victim website or by exploiting vulnerabilities in the website such as XSS.
“Regardless, once he is in, he can load the malicious code and capture the credit card data in real-time as the user enters it. He either then sells the data on the darknet or uses it to make fraudulent purchases himself,” reads FBI Report.
You can follow us on Linkedin, Twitter, Facebook for daily Cyber Security and hacking news updates.
Also Read
Exploiting an Exim Email Server Vulnerability Using EHLO Strings
A security researcher identified a vulnerability in TeslaLogger, a third-party software used to collect data…
Threat intelligence feeds provide real-time updates on indicators of compromise (IOCs), such as malicious IPs…
Malware experts all over the world can't do their jobs without YARA. YARA has been…
The cybersecurity company Proofpoint has found a new operation using the SugarGh0st Remote Access Trojan…
The email campaign impersonates the Facebook Ads Team to trick users into clicking a malicious…
"Encrypted DNS Implementation Guidance," a detailed document from the Cybersecurity and Infrastructure Security Agency (CISA),…