It has been reported that hackers have breached the website of Tupperware, a US company known for its plastic food container products, and placed malicious code on its website to collect payment card details from site buyers. The malicious code has been running on the Tupperware homepage for at least five days, according to security researchers. Every time a user initiates a payment, the malicious code creates an iframe that floats over the page and shows a cloned payment form that mimics Tupperware’s original VISA CyberSource payment form.
Expert Comments
Once the consumer payment card data has been skimmed by an attacker, that payment card needs to be rendered inoperable.
Web skimmers or Magecart scripts work by taking advantage of an infrastructure vulnerability caused by misconfiguration. The misconfiguration enables an attacker to discover a potentially vulnerable website (using a shotgun approach) and upload the malicious code to the service provider. To avoid this type of misconfiguration, it’s useful to comply with standardized security benchmarks – like the one from the Center for Internet Security (CIS) which would enable an organization to validate their...
Nonetheless, this may be the blueprint of future similar attacks on other web sites.
This does indeed sound like the work of a new cyber gang that has not scaled operations yet. The domain name they chose to register was not customized to blend in to their target victim’s normal web site operations and based on DNS resolution telemetry, it does not seem to have reached any meaningful scale. Nonetheless, this may be the blueprint of future similar attacks on other web sites.
It's clear that companies must make sure to continuously assess the security of their supply chain partners.
This cyberattack on Tupperware illustrates why it’s so important for companies to keep checking their websites with a critical eye towards injected code. These silent and stealthy attacks are targeting not only retail sites, but also vendors, with the goal of infiltrating the entire supply chain. It's clear that companies must make sure to continuously assess the security of their supply chain partners, and not just during onboarding.
Fake checkout forms are a common method Magecart attackers use to get around the iframe protections.
Fake checkout forms are a common method Magecart attackers use to get around the iframe protections used by legitimate payment services. Skimming toolkits like Inter make this simple and accessible to all attackers. However, their one downside is that they prevent the legitimate transaction from being successfully completed. This attack added another step and reverted to the legitimate form once the payment details were stolen, allowing the user to complete a transaction in a second try...
Standard server headers to block iframes would have stopped this attack.
Though the iframe injection was crafty, this type of attack should only work on websites that have implemented very few security measures. Standard server headers to block iframes would have stopped this attack. As we look at how Magecart attacks work, having a simple understanding of where your clients are being redirected is becoming necessary. 3rd party code is needed but it shouldn’t be an open attack vector whether it is placed on the website maliciously, brought in to the client via an...
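One reading of the "server headers to block iframes" point above is a Content-Security-Policy whose frame-src limits which origins the checkout page may embed. The following is an added example, not code from the article or from any quoted expert; it assumes that reading, and the policy and the hostnames shop.example, payments.example and skimmer.example are constructed placeholders.

```javascript
// Added example: decides whether a CSP would let a page load a given iframe.
// Simplified matcher: source expressions with ports or paths are not handled
// and are treated as non-matching (fail closed).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    // When a directive is repeated, the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values);
    }
  }
  return directives;
}

function sourceMatches(expr, frame, page) {
  const e = expr.toLowerCase();
  if (e === "'self'") return frame.origin === page.origin;
  if (e === '*') return ['http:', 'https:'].includes(frame.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return frame.protocol === e; // scheme-source
  const m = e.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/);
  if (!m) return false; // 'none', nonces, hashes and unsupported forms never match
  const [, scheme, wildcard, host] = m;
  const schemeOk = scheme
    ? frame.protocol === scheme + ':' || (scheme === 'http' && frame.protocol === 'https:')
    : frame.protocol === page.protocol || frame.protocol === 'https:';
  // "*.host" matches subdomains only, not the bare host.
  const hostOk = wildcard ? frame.hostname.endsWith('.' + host) : frame.hostname === host;
  return schemeOk && hostOk;
}

function frameAllowed(policy, pageUrl, frameUrl) {
  const d = parseCsp(policy);
  // Fallback chain for nested browsing contexts: frame-src, child-src, default-src.
  const list = d.get('frame-src') ?? d.get('child-src') ?? d.get('default-src');
  if (list === undefined) return true; // no directive governs frames
  const page = new URL(pageUrl);
  const frame = new URL(frameUrl);
  return list.some((expr) => sourceMatches(expr, frame, page));
}

// Constructed sample: the shop frames only itself and its payment provider.
const SAMPLE_POLICY = "default-src 'self'; frame-src 'self' https://payments.example";
const PAGE = 'https://shop.example/checkout';
console.log(frameAllowed(SAMPLE_POLICY, PAGE, 'https://payments.example/form')); // true
console.log(frameAllowed(SAMPLE_POLICY, PAGE, 'https://skimmer.example/form'));  // false
```

A policy with no frame-src, child-src or default-src returns true for every frame URL, which is the configuration to look for when auditing a checkout page's response headers.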