ASP.NET Sites Targeted by Credit Card Skimmers

Targets with the highest return on the least amount of effort are something that every cybercriminal fantasizes about. Enter: credit card skimming.

What’s going on?

A new credit card skimming campaign is targeting websites running ASP.NET; these websites are hosted on Microsoft IIS servers. This campaign started this year in April and has impacted a credit card union, along with health & community associations and sports organizations.

What should you know about it?

  • No specific JavaScript library is being targeted and the code takes various forms.
  • All the compromised sites were running ASP.NET 4.0.30319, which is not officially supported and contains a multitude of vulnerabilities.
  • Moreover, these sites also had shopping cart applications, which was the main target of the attackers.
  • The skimmer looks for passwords too, alongside credit card numbers.

Recent credit card skimming attacks

  • Magecart skimmer has been used to compromise websites in the US, hosted by local governments in 8 cities.
  • Threat actors gained write-access to Claire’s website and injected a JS used by the site with extra code that skimmed customers and payment details from online purchasers.
  • In February, the financial information of Carson City residents was compromised due to a security vulnerability on its third-party vendor's online payment system, Click2Gov.

The bottom line

Credit card skimming is a popular activity for cybercriminals and is not expected to stop any time soon. Moreover, during this pandemic season, there has been a rise in online shopping; thus, increasing business for threat actors. Thus, organizations and associations are suggested to keep their payment portals secure.