Web-Skimming Attack Compromise Dozens of Sites

By   ISBuzz Team
Writer , Information Security Buzz | Dec 08, 2022 02:03 am PST

An online Web-Skimming effort that has been taking place for at least one year is found by Jscrambler. According to the security provider, the operation has hacked over 40 e-commerce sites. A gang known as “Group X” is behind the effort and is accused of transferring stolen card information to a website in Russia. The hackers broke into the targeted website using a supply-chain strategy. According to Jscrambler, the hackers took use of Cockpit, a JavaScript package that provides free online marketing and analytics services. The service was reportedly suspended in December 2014, some years ago.

According to Jscrambler, webmasters frequently keep outdated files like these on their websites. Due to their lack of understanding of third-party code, according to the security firm. Threat actors may exploit dead links that are still retained in libraries. Security teams frequently lack access to the 3rd code that is running on their websites. Making it impossible for them to determine if it is compromised. In this instance, the hackers got hold of the domain name that was previously owned by and hosting the library, and they utilized it to build a skim script that used the same URL. The compromising of the f o websites resulted from the domain being reregistered and reconfigured.

Attack Technique

They purchased the domain name that was used to hos. The library and utilized it to deliver a Web-Skimming script at the same URL. Over 40 e-commerce websites were compromised by attackers who were able to deploy malicious code by re-registering the expired domain.

Vendor Claimed

The vendor claimed that failing to take down outdated libraries like these from websites frequently results in vulnerable dead links. Poor security procedures and a lack of understanding of third-party code are to blame, it was claimed.

According to Jscrambler, “the majority of security teams don’t have access into this third-party code that is running on their website. They don’t know if it’s functioning as it should or improperly — whether mistakenly or deliberately.”