FBI and Binary Defense Warn of E-Skimming Threat to Online Retailers

CNBC reported on the threat to consumers and retailers from e-skimming attacks against online shopping websites. These attacks attempt to inject JavaScript into the checkout page of a retail website to steal consumers’ payment card details and personal information. Herb Stapleton of the FBI Cyber Division told CNBC that e-skimming is on the rise, and although it is difficult to estimate the impact on the industry, at least “millions of cards” have been stolen using this method. Binary Defense contributed to the story by providing advice for combatting the threat, and by creating an online shopping website using Magento, a platform that many retailers use for shopping and checkout functionality, to demonstrate a JavaScript injection attack that stole payment information from the checkout page. Because many of the attacks against retailers have targeted shopping cart pages on Magento sites, Dutch researcher Yonathan Klijnsma coined the term “Magecart” to describe this type of attack and the threat groups that use it. Several different threat groups have been described using the term “Magecart,” and Indonesian authorities recently announced the arrest of criminal actors behind one such group.

Analyst Notes

Retailers with an online shopping presence should continuously monitor their web servers for signs of attacker behavior, including changes to JavaScript or HTML files that could indicate the injection of malicious JavaScript code. A Content Security Policy can also be used to control which external domains customers’ web browsers are allowed to contact while using the shopping site. JavaScript files used on the checkout page should be kept to a minimum and hosted locally, rather than relying on third-party hosting providers that could introduce vulnerabilities to the shopping website if they are compromised. Consumers are advised to use virtual credit cards for online shopping to eliminate the possibility of fraudulent charges if the card information is compromised.
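The file-change monitoring recommended above, as an added example that is not Binary Defense code: it hashes the JavaScript and HTML files under a web root, stores that as a baseline, and reports files that were added, modified or removed since. The web root, file names and the `.phtml` extension (Magento templates) are assumptions; the sample files are constructed in a temporary directory.

```python
"""Baseline-and-diff check for JavaScript/HTML files under a web root (added example)."""
import hashlib
import json
import os
import tempfile

# File types worth watching on a shopping site; .phtml is assumed for Magento templates
WATCHED_EXT = (".js", ".html", ".phtml")


def hash_tree(root):
    """Return {relative path: sha256 hex digest} for every watched file under root."""
    digests = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(WATCHED_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def diff_baseline(baseline, current):
    """Classify each watched path as added, modified or removed relative to the baseline."""
    findings = {"added": [], "modified": [], "removed": []}
    for path, digest in sorted(current.items()):
        if path not in baseline:
            findings["added"].append(path)
        elif baseline[path] != digest:
            findings["modified"].append(path)
    findings["removed"] = sorted(p for p in baseline if p not in current)
    return findings


def demo():
    """Constructed sample: a clean checkout page, then an unexpected script tag and file appear."""
    root = tempfile.mkdtemp()
    checkout = os.path.join(root, "checkout", "index.html")
    os.makedirs(os.path.dirname(checkout))
    with open(checkout, "w") as fh:
        fh.write("<html><body><form id='payment'></form></body></html>")
    with open(os.path.join(root, "app.js"), "w") as fh:
        fh.write("console.log('checkout ready');")
    baseline = hash_tree(root)  # in production this would be stored and loaded from disk
    with open(checkout, "a") as fh:  # simulated unauthorized edit to the checkout page
        fh.write("<script src='https://third-party.example/extra.js'></script>")
    with open(os.path.join(root, "vendor.js"), "w") as fh:  # simulated unexpected new file
        fh.write("// not part of the deployed release")
    return diff_baseline(baseline, hash_tree(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it from a scheduled job against the real document root and alert on any non-empty finding that does not match a known deployment.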
For more information and video of the story, please see: