Targets with the highest return on the least amount of effort are something that every cybercriminal fantasizes about. Enter: credit card skimming.
What’s going on?
A new credit card skimming campaign is targeting websites that run ASP.NET and are hosted on Microsoft IIS servers. The campaign started in April this year and has impacted a credit card union, along with health & community associations and sports organizations.
What should you know about it?
- All the compromised sites were running ASP.NET 4.0.30319, which is not officially supported and contains a multitude of vulnerabilities.
- Moreover, these sites also had shopping cart applications, which were the main target of the attackers.
- The skimmer looks for passwords as well as credit card numbers.
Recent credit card skimming attacks
- A Magecart skimmer has been used to compromise websites hosted by local governments in 8 US cities.
- Threat actors gained write access to Claire’s website and injected extra code into a JavaScript file used by the site; the code skimmed customer and payment details from online purchasers.
- In February, the financial information of Carson City residents was compromised due to a security vulnerability on its third-party vendor's online payment system, Click2Gov.
The bottom line
Credit card skimming is a popular activity for cybercriminals and is not expected to stop any time soon. Moreover, online shopping has risen during this pandemic season, increasing business for threat actors. Organizations and associations are therefore advised to keep their payment portals secure.