The threat of supply chain attacks keeps getting more real by the day. This time, real estate websites came under a supply chain attack via a unique attack vector: a cloud video platform was leveraged to propagate a web skimmer campaign.
Diving into details
Sotheby’s Brightcove account was breached by hackers who deployed a skimmer to pilfer payment card details from more than 100 websites. Sotheby’s was using the Brightcove video player to display previews of expensive real estate properties. While the attack was conducted last year, it has come to light only recently. The attackers added the skimmer scripts to a video, so whenever other sites imported the video, they became infected as well.
Why this matters
According to Malwarebytes, the campaign began as early as January 2021, and the collected data was transferred to a remote server that also acted as a collection domain for a Magecart attack against Amazon CloudFront CDN in June 2019.
The bottom line
To detect and impede the injection of malicious code into online platforms, organizations are advised to perform web content integrity checks on a regular basis. They are also advised to defend accounts against takeover attempts and to keep an eye out for possible social engineering schemes.
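One way to run the web content integrity check recommended above, as an added example that is not part of the original article: it lists the third-party scripts a page loads, hashes what is currently served, and compares the result with a reviewed baseline. The host names, URLs and script bodies are constructed sample data, and fetch is a hypothetical callback standing in for an HTTP download.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append((attr["src"], attr.get("integrity")))

def sha256_hex(body):
    return hashlib.sha256(body).hexdigest()

def audit_page(html, page_host, fetch, baseline):
    """Return (src, finding) pairs for third-party scripts on one page.
    fetch(src) -> bytes (assumed HTTP GET); baseline maps URL -> reviewed SHA-256."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src).netloc
        if not host or host == page_host:
            continue  # first-party script, covered by normal deploy checks
        if src not in baseline:
            findings.append((src, "third-party script not in baseline"))
        elif sha256_hex(fetch(src)) != baseline[src]:
            findings.append((src, "content changed since baseline"))
        elif integrity is None:
            findings.append((src, "no integrity (SRI) attribute on tag"))
    return findings

# Constructed sample data: hypothetical hosts and script bodies.
PLAYER = "https://players.video-cdn.example/acct/player/index.min.js"
PAGE = ('<html><head><script src="/static/site.js"></script>'
        f'<script src="{PLAYER}"></script></head></html>')
CLEAN = b"function initPlayer(){/* vendor player code */}"
TAMPERED = CLEAN + b";/* code appended after the review */"
BASELINE = {PLAYER: sha256_hex(CLEAN)}

def demo():
    return tuple(audit_page(PAGE, "listings.example", lambda src, b=body: b, BASELINE)
                 for body in (CLEAN, TAMPERED))

if __name__ == "__main__":
    print(demo())
```

A hash mismatch is a prompt for review rather than proof of compromise, since a vendor can also ship a legitimate update to the same URL.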