What is Web Skimming?
Before we dive into the specifics of tackling web skimming threats, it’s important to know what they actually are. Web skimming is a hacking technique in which the attacker breaches the payment or checkout page of a website by injecting a malicious script or malware via the third-party apps that the website uses. Credit card information and personal information are harvested, often without being detected.
There are multiple variations of web skimming attacks that exploit the complexity of the modern website, but there are two main entry points in use today.
- Direct Attacks – This entry point involves planting skimming code (malware) directly on the website that is going to be exploited. To do so, the hackers can exploit zero-day flaws or automate login attempts (also known as brute-force attacks) to locate the right admin details and credentials. It must be said that executing these attacks is not easy and requires a lot of pre-planning and coordination.
- Website Software Supply Chain Attacks – These attacks are becoming popular due to the extensive use of third parties (over 60 on average on eCommerce sites today). While these third parties boost functionality fast, they also create new dependencies. Malware is injected into the trusted third-party hosting site, after which the payload is executed via all websites using the web application.
Traditional application security solutions and tools are not fully effective against these attacks because the malware is baked into the original third-party code. Also, obfuscation methods are evolving and making life harder for CISOs and security teams. The end result – the “action” takes place on the client-side, where the unsuspecting victims are totally unaware of what is going on until it is too late and the breach has occurred.
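One defensive check against the supply chain entry point described above, as an added example that is not part of the original article: it inventories the third-party scripts a checkout page loads and compares each served body with its pinned Subresource Integrity (SRI) hash. SRI is a browser feature the article does not mention; the page HTML, the `.example` hostnames, the script bodies and the `auditScripts` helper are all constructed for illustration.

```javascript
// Added example: inventory the scripts a checkout page loads and check each
// third-party body against its pinned Subresource Integrity (SRI) hash.
const crypto = require("crypto");

// SRI value for a script body: "sha384-" + base64(SHA-384(body)).
const sri = (body) =>
  "sha384-" + crypto.createHash("sha384").update(body).digest("base64");

// Constructed sample data: what two third-party hosts serve right now.
const vendorBody = "window.chat = { open() {} };";
const served = {
  "https://cdn.chat-vendor.example/widget.js": vendorBody,
  // Body changed at the vendor after the site pinned its hash.
  "https://cdn.analytics.example/a.js": "track(); /* modified upstream */",
};

// Constructed checkout page for the first-party origin shop.example.
const checkoutHtml = `
<script src="/static/cart.js"></script>
<script src="https://cdn.chat-vendor.example/widget.js"
        integrity="${sri(vendorBody)}" crossorigin="anonymous"></script>
<script src="https://cdn.analytics.example/a.js"
        integrity="${sri("track();")}" crossorigin="anonymous"></script>
<script src="https://tags.ads.example/t.js"></script>`;

// Returns one finding per third-party script tag (single-hash pins only).
function auditScripts(html, pageOrigin, fetched) {
  const findings = [];
  for (const [, attrs] of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = /\bsrc="([^"]+)"/i.exec(attrs);
    if (!src) continue; // inline script, out of scope here
    const url = new URL(src[1], pageOrigin);
    if (url.origin === pageOrigin) continue; // first-party script
    const pin = /\bintegrity="([^"]+)"/i.exec(attrs);
    let status;
    if (!pin) status = "unpinned"; // browser runs whatever is served
    else if (!(url.href in fetched)) status = "not-fetched";
    else status = sri(fetched[url.href]) === pin[1] ? "ok" : "mismatch";
    findings.push({ host: url.host, status });
  }
  return findings;
}

console.table(auditScripts(checkoutHtml, "https://shop.example", served));
```

A `mismatch` is the condition under which a browser enforcing SRI refuses to run the script, while an `unpinned` script runs whatever the third party serves.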