Digital skimming, also called e-skimming or online card skimming, involves cybercriminals stealing credit card details or payment data from your online store's visitors. These attackers employ malicious scripts/code injections which "skim" payment and personal information from input fields on your payment forms, or they direct users to fake checkout pages. Once the data is stolen, the cybercriminals use this data to go shopping, or sell the data on the dark web for future illicit activities.
How Digital Skimming Attacks Occur
Exploiting security gaps in an eCommerce website, criminals load digital skimmers (malicious code known as a skimmer) into the vulnerable website's header or footer, or into third-party scripts. These malicious scripts then capture credit card and payment data when users enter it into payment forms. Digital skimmers are now the most common malware being used to steal payment data around the world (see our monthly eCommerce ThreatScape Report for more info).
Challenges in Detecting Digital Skimming Attacks
Digital skimmers have been fairly simple over the last few years, and very easily detected if you are using an appropriate technology to monitor your site (like ThreatView). However, over the last 12 months we have seen the emergence of a considerably more "stealthy" approach to digital skimmers, where the criminals use obfuscation, randomisation and similar tactics to make them considerably harder to detect, with the result that they often go undetected for fairly extended periods of time (unless, of course, the website is being proactively monitored for this sort of threat - yes, using something like ThreatView).
Magecart, Magento and Digital Skimming
Arguably Magecart brought digital skimmers into focus for the industry. Magecart attacks targeted Magento websites, originally (we're talking a few years ago), but have since evolved to target a wide range of platforms. With that said, Magento 1 and Magento 2 remain the most targeted platforms in the eCommerce world, making up roughly 65% of the hacked sites globally (see our monthly eCommerce ThreatScape Report).
There have been many well recognised brands that have fallen victim to digital skimming and Magecart, in particular, with British Airways being the most publicised (https://www.theregister.com/2020/10/16/british_airways_ico_fine_20m/), netting the organisation a substantial GDPR penalty and unpublished liabilities to the card brands.
Combating Digital Skimming Attacks
Typically criminals will take advantage of vulnerabilities in the target website to gain access. They then figure out a way to maintain a persistent presence, usually by installing a backdoor/webshell. Once they have this level of access, they deploy a digital skimmer.
A defence in depth approach is always the best place to start. Make it hard for the criminals to break in undetected in the first place. But then you need to look towards more specialist technologies to monitor for specific threats and Indicators of Compromise as digital skimmers tend to evade detection by "standard" security scanners and solutions.
You can get this defence in depth approach by combining the following technologies:
Real-Time/Near Real-Time Malware Threat Detection
Web Access Log Monitoring
File Change Monitoring
Cardholder Data Detection
Or, simply deploy a technology like ThreatView Advanced, which builds advanced security monitoring and protection into your website, without you needing to be a cyber security specialist.
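To make the File Change Monitoring item above concrete, here is an added example (not ThreatView code, and not from the original post) that baselines the SHA-256 digests of a site's script and template files and reports anything added, removed or modified on a later scan; the site layout, file names and the "footer template edited, new script dropped" scenario are constructed for illustration.

```python
"""Minimal file-change monitor for a web root (added example, constructed data)."""
import hashlib
import tempfile
from pathlib import Path

# File types a skimmer deployment typically touches: scripts and templates.
WATCHED_SUFFIXES = {".js", ".php", ".phtml", ".html"}


def hash_file(path: Path) -> str:
    """SHA-256 hex digest of a file's bytes."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each watched file (POSIX-style relative path) to its digest."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix in WATCHED_SUFFIXES
    }


def diff_baseline(baseline: dict, current: dict) -> tuple:
    """Return (added, removed, modified) relative paths, each sorted."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, removed, modified


def demo() -> tuple:
    """Constructed scenario: baseline a tiny site, alter it the way a skimmer
    deployment shows up (footer template changed, unexpected script added),
    then rescan and report the difference."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "js").mkdir()
        (root / "js" / "checkout.js").write_text("// checkout logic\n")
        (root / "footer.phtml").write_text("<footer>shop</footer>\n")
        (root / "logo.png").write_bytes(b"\x89PNG")  # not a watched type, ignored
        baseline = build_baseline(root)
        # Later scan: the footer now references a script file that did not exist before.
        (root / "footer.phtml").write_text('<footer>shop</footer>\n<script src="/js/x.js"></script>\n')
        (root / "js" / "x.js").write_text("// unexpected new file\n")
        return diff_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    added, removed, modified = demo()
    print("added:", added, "removed:", removed, "modified:", modified)
```

In practice the baseline is taken from a known-good deployment and stored off the web server, and every scan result is reviewed against the release log so that an unexplained change to a template or script is treated as an incident.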
In short, ThreatView simplifies cyber security for eCommerce websites and enables you to focus on what you do best.