E-commerce sites targeted by cybercriminals, a new technique emerges
Creativity is always on the side of cybercrime.
Hackers are constantly finding new ways to mishand down a computer system to take advantage of it. For some time now a new technique, is a bit of a rage in the field of cybercrime for e-commerce sites. This technique is called Skimming. It is usually used by cyber malware to steal certain credit card information used by users of e-commerce sites.
This article will also interest you: The American e-commerce site eBay is looking for malware when accessing its website through a scanner
E-commerce sites are very attractive to cyber criminals. Indeed, the craze is growing more and more. These trading platforms are being taken by storm by users who are constantly using these services. The containment period confirmed this craze. Cyber criminals know that, they want to take advantage of it at all costs. Conveniently, access to an e-commerce site, for hackers, and very successful for its activities. The information they can be collected in this kind of intrusion can have quite a large monetary value. For example, it's easy to steal credit card or credit card numbers, login credentials, and even payment codes. "Access to an e-commerce site's systems can provide criminals with a range of valuable data, including access to customers' personal and financial information, that can be lucrative for criminals by committing identity fraud or selling data on the dark web," says a recent intSights report.
And this is added to the ease of being able to target all platforms that are starting to grow more and more and whose maintenance is not done on a regular basis, hackers are taking it to heart.
According to the recent IntSights study, computer attacks on e-commerce platforms have increased quite dramatically, particularly with the use of new methods, including "Skimming" and ransomware.
The Skimming discovered precisely in June 2020, the method that attracts attention in recent moments. It consists simply for the cyber criminal, to conceal in the images present in the site, a program called "Skimmer", which is malicious script that will be intended to steal the contents of all fields that will be entered by users of the platform. This is called names, address, credit card information used, billing address etc. The information is copied and sent to a remote server used by cyber criminals for their collection.
But since May already, the use of the credit card skimmer had already been observed but in other versions. Indeed, cyber criminals could hide their script in files used to identify websites especially in browsers. And when users visit e-commerce sites, he presented them with a payment option via PayPal. And of course this is just a trap because, if they get fooled and continues the transaction, the malicious server, will send a JavaScript code that will make it look like the transaction is proceeding normally. And so the information that will be entered by the child user easily be collected and sent to hackers.
"Staying one step ahead of hackers is a difficult but necessary security feature for retailers. And while this may seem discouraging, failure to comply with the DSS (Data Security Standard) PCI (Data Security Standard) due to an invalid or expired compliance check or critical security requirement could be just as damaging to a brand's reputation if the company is sanctioned with heavy fines and penalties from regulators. External threat information enables retailers to facilitate continued PCI DSS compliance by supporting appropriate audit controls, continuously assessing vulnerabilities, empowering, accelerating the work of Qualified Security Assessors (QSAs), and validating PCI DSS compliance controls. concluded by the report's authors.
Now access an unlimited number of passwords:
