Cybercriminals use new techniques to target eCommerce sites

With bricks and mortar stores largely shut down for much of the first half of 2020, it’s no real surprise to find that cybercriminals have been targeting eCommerce sites.

New research from IntSights looks at how there has been a rise in cybercriminals targeting eCommerce sites using a variety of attack methods, such as skimming attacks, account takeovers and ransomware.

In one new web skimming attack, discovered in late June 2020, cybercriminals have obfuscated a credit card stealer in image files on eCommerce sites. When a victim visits the affected site it steals content of the input fields where online shoppers enter name, billing address, and credit card details.

Another attack uncovered in May involved hiding a credit card skimmer in the favicon files used to identify websites within browser tabs. When victims visit these Magento-based eCommerce sites, they are presented with a PayPal checkout option, but the malicious server returns JavaScript code that appears to be a credit card payment form. This payment form overrides the PayPal checkout option with its own dropdown menu and data is sent back to the scammer.

The report's authors conclude, "Staying one step ahead of hackers is a challenging but necessary component of security for retailers. And while this may seem daunting, falling out of compliance with PCI DSS due to an invalid or expired Compensating Control, or critical security requirement, could be just as damaging to a brand's reputation if the business is slapped with hefty fines and penalties from regulators. External threat intelligence empowers retailers to facilitate continuous PCI DSS compliance by addressing the appropriate audit controls, continuously evaluating vulnerabilities, empowering and accelerating the job of QSAs (Qualified Security Assessors), and validating PCI DSS Compensating Controls."

The full report is available from the IntSights site.

Photo credit: mtkang / Shutterstock