Darknet

FBI warns SMBs and Government Agencies to Defend Against E-Skimming Attacks

FBI warns small and medium-sized businesses and government agencies to protect against E-skimming attacks. The attack focuses on e-commerce websites.

With the E-skimming attacks, an attacker could inject malicious codes into the website that harvests the credit or debit card data or personally identifiable information (PII).

How Attackers Inject Code

The attack impacted e-commerce companies in the retail, entertainment, and travel industries as well as utility companies and third-party vendors.

Attackers can inject malicious code by exploiting a vulnerability in an e-commerce platform or by gaining access to the victim’s network through a phishing email.

E-skimming attack Image Credits: FBI

The attack also comes through third-party plugins and supply chains of victim website or by exploiting vulnerabilities in the website such as XSS.

“Regardless, once he is in, he can load the malicious code and capture the credit card data in real-time as the user enters it. He either then sells the data on the darknet or uses it to make fraudulent purchases himself,” reads FBI Report.

How Business Protect Against the Attack

  • Update and patch all systems with the latest security software. Anti-virus and anti-malware need to be up-to-date and firewalls strong.
  • Change default login credentials on all systems.
  • Educate employees about safe cyber practices. Most importantly, do not click on links or unexpected attachments in messages.
  • Segregate and segment network systems to limit how easily cybercriminals can move from one to another.

What Victims Can Do

  • Identify the source of skimming code to determine access point – network, third party, or other.
  • Save a copy of the skimming script or malicious loader domain to report to law enforcement.
  • Change pertinent credentials.
  • Refer to your Incident Response Plan, if applicable

You can follow us on LinkedinTwitterFacebook for daily Cyber Security and hacking news updates.

Also Read

Exploiting an Exim Email Server Vulnerability Using EHLO Strings

High Severity Vulnerability Found in Intel Software Let Hackers Perform Escalation of Privilege, DoS Attack

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Guru Baran
Tags: cyber attackE-skimming attacksFBI
5 years ago

Recent Posts

30+ Tesla Cars Hacked Using Third-Party Software

A security researcher identified a vulnerability in TeslaLogger, a third-party software used to collect data…

1 day ago

How to Use Threat Intelligence Feeds for SOC/DFIR Teams

Threat intelligence feeds provide real-time updates on indicators of compromise (IOCs), such as malicious IPs…

1 day ago

YARA-X, The Malware Researchers Toolbox Evolved

Malware experts all over the world can't do their jobs without YARA. YARA has been…

2 days ago

SugarGh0st RAT Attacking Organizations & Individuals in AI Research

The cybersecurity company Proofpoint has found a new operation using the SugarGh0st Remote Access Trojan…

2 days ago

New Cyber Attack Targeting Facebook Business Accounts

The email campaign impersonates the Facebook Ads Team to trick users into clicking a malicious…

2 days ago

CISA Reveals Guidance For Implementation of Encrypted DNS Protocols

"Encrypted DNS Implementation Guidance," a detailed document from the Cybersecurity and Infrastructure Security Agency (CISA),…

2 days ago