https://cyware.com/news/fbi-issues-warning-to-smbs-about-e-skimming-attacks-a251120c
The FBI is warning SMBs and government agencies about the risk of e-skimming attacks for businesses that take credit card payments online.
E-Skimming, also known as Magecart attacks, occurs when malicious code is injected into a website’s POS system disguised as payment card skimmer scripts. Once the POS is compromised, hackers can then steal customers’ payment card information.
Hackers gain access to the POS server through a phishing attack, third party vendor vulnerability. Once they have access they act as a silent man in the middle and steal user credit card information to sell for profit.
The FBI recommends standard mitigation measures to protect your business from E-Skimming.
Patch Patch Patch your systems.
User education to avoid falling victim to phishing attacks
Remove any default login credentials
Segment networks to avoid easy hops for hackers
Here is an article which breaks down Magecart attack and its evolution: https://www.csoonline.com/article/3400381/what-is-magecart-how-this-hacker-group-steals-payment-card-data.html
Leave a Reply
You must be logged in to post a comment.