E-skimmers can be difficult to protect against, but companies should regularly monitor their servers from the perspective of web clients in an effort to detect suspicious communication between client web browsers and malicious or unexpected servers via JavaScript. Companies that operate e-commerce websites can also monitor file integrity changes and look for anomalies such as new references to JavaScript functions. As this incident shows, it is important to carefully examine the contents of JavaScript code and not just rely on the name of the script file to indicate that it is safe or expected. A Security Operations Center (SOC) should monitor critical web servers used for e-commerce to detect any abnormal patterns of remote access or evidence of backdoor implants that could indicate an attacker has accessed the system. The Binary Defense Security Operations Task Force operates 24/7 to monitor security events on servers and workstations. Another method of protection would be to employ a trusted security provider that tests for system vulnerabilities and can give guidance on how to better secure the website. Such security assessments are provided by TrustedSec.

Source: https://securityaffairs.co/wordpress/111009/cyber-crime/sucuri-software-skimmer.html