Cybersecurity company Sucuri recently revealed that it discovered an e-skimmer taking advantage of the Sucuri name in order to go unnoticed. The attackers inject the base64-encoded JavaScript skimmer into targeted sites. Once the skimmer has a foothold on the site, it gathers personal information from form fields and sends it to a remote gateway. “The payment data exfiltration takes place via an <img> tag whose src parameter is changed to hxxps://terminal4.veeblehosting[.]com/~sucurrin/i/gate.php, with relevant GET parameters such as card number, CVV, and expiration date stored in plain text,” reads a portion of Sucuri’s analysis. The “terminal4.veeblehosting[.]com/~sucurrin/” address even redirects to the real Sucuri webpage in an effort to further avoid detection. It is believed that the skimmer in question was also used in an attempt to exfiltrate data on the websites for Harley-Davidson Military, Nappy Land National Childcare Supplier, and Soccer4All.
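A detection sketch for the exfiltration pattern described above, added here as an example and not taken from Sucuri's analysis: it scans outbound request URLs (for instance from proxy logs or CSP reports) for query parameters holding Luhn-valid card numbers sent to hosts outside an allowlist. The allowlist, host names and sample URLs are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts this storefront legitimately loads resources from.
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example"}

PAN_RE = re.compile(r"^[0-9]{13,19}$")  # payment card numbers are 13-19 digits


def luhn_ok(digits):
    """Luhn checksum: separates real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def card_params(url):
    """Return names of query parameters whose value looks like a card number."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        digits = re.sub(r"[ -]", "", value)   # tolerate "4111 1111 ..." grouping
        if PAN_RE.match(digits) and luhn_ok(digits):
            hits.append(name)
    return hits


def flag_requests(urls):
    """Return (host, params) for off-site requests carrying card-like values."""
    findings = []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if host in ALLOWED_HOSTS:
            continue
        params = card_params(url)
        if params:
            findings.append((host, params))
    return findings


# Constructed sample request URLs (not real traffic or indicators).
SAMPLE_URLS = [
    "https://cdn.shop.example/img/logo.png?v=20200101",
    "https://collector.invalid/i/gate.php?cc=4111111111111111&cvv=123&exp=12%2F25",
    "https://analytics.invalid/pixel.gif?uid=1234567890123456",
    "https://collector.invalid/i/gate.php?num=4111+1111+1111+1111",
]
```

The Luhn check keeps ordinary 16-digit identifiers, such as the `uid` in the third sample, from raising alerts.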