BankInfoSecurity
May 5, 2021
DougOlenick) • April 9, 2021 Get Permission
Visa s Payment Fraud Disruption team reports that cybercriminals are increasingly using web shells to establish command and control over retailers servers during payment card skimming attacks. As a result, eSkimming, or digital skimming, is among the top threats to the payments ecosystem, according to the Visa report.
The web shells enable fraudsters conducting digital skimming attacks on e-commerce sites to establish and maintain access to compromised servers, deploy additional malicious files and payloads, facilitate lateral movement within a victim s network and remotely execute commands, Visa says.
The most common methods for deploying a web shell are malicious application plug-ins and PHP code, Visa reports.
Retailers are on high alert during holiday season of Magecart attacks, which implant malicious computer code into websites and third-party suppliers of digital systems to steal credit card info. Earlier this month, a researcher reported that the Magecart gang used a new technique for hijacking PayPal transactions during checkout. (Justin Sullivan/Getty Images)
Cybercriminals engaging in Magecart schemes are becoming increasingly adept at hiding payment skimmers within innocuous-looking website files and features, as evidenced by two recently discovered schemes in which attackers concealed their malware inside social media buttons and CSS files.
These two campaigns planted and executed the skimmerâs code on the client side. However, the threat thatâs particularly growing in stature is the server-side skimmer attack, said the man who reported these two attacks, Willem de Groot, founder of SanSec (Sanguine Security) in the Netherlands.