Light Dark
January 6, 2020 By David Bisson 2 min read

Digital attackers invented two new evasion techniques that they can use to help conceal the activity of a client-side web skimmer.

As reported by Malwarebytes, a security researcher disclosed the first publicly documented payment card web skimmer to ever use steganography on Dec. 26, 2019. They found that the skimmer used what appeared to be a free shipping ribbon commonly found on e-commerce websites. However, a closer look at the image revealed that the file contained malicious JavaScript code immediately after the file marker. That code, in turn, was responsible for the credit card skimming functionality.

The firm noted that the same security researcher also observed some digital attackers using WebSockets with their payment card skimmers. As opposed to HTML, this communication protocol allowed digital attackers to exchange data with their skimmer over a single TCP connection. This functionality enabled the malicious actors to exchange the skimming code and data exfiltration attempts with their skimmer using bidirectional messages.

The Latest Innovation in Skimmers

This isn’t the first time that digital attackers have innovated new techniques for the typical web skimmer. Back in mid-November, Visa revealed that it had detected a new skimmer called Pipka targeting at least 17 e-commerce websites. That malware used a variety of anti-analysis techniques at the time of discovery; chief among them was its ability to remove its script tag and thereby make itself more difficult to detect. It was just a few days later when Malwarebytes reported that attackers had started blending phishing and skimming tactics together to trick users into thinking they were using a legitimate payment service platform.

How to Defend Against a Web Skimmer

Security professionals can help defend against an evasive web skimmer by investing in solutions that are powered by machine learning (ML). They can then train those models on a variety of scenarios, including attack chains involving the use of evasive behaviors, to help better protect the network against sophisticated digital threats. Security professionals should also review their data loss and protection strategies to make sure their organization can still access its critical information in the event of an adversarial ML attack.

 |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

July 2, 2024

It all adds up: Pretexting in executive compromise

4 min read - Executives hold the keys to the corporate kingdom. If attackers can gain the trust of executives using layered social engineering techniques, they may be able to access sensitive corporate information such as intellectual property, financial data or administrative control logins and passwords.While phishing remains the primary pathway to executive compromise, increasing C-suite awareness of this risk requires a more in-depth approach from attackers: Pretexting.What is pretexting?Pretexting is the use of a fabricated story or narrative — a “pretext” — to…

July 1, 2024

ChatGPT 4 can exploit 87% of one-day vulnerabilities

2 min read - Since the widespread and growing use of ChatGPT and other large language models (LLMs) in recent years, cybersecurity has been a top concern. Among the many questions, cybersecurity professionals wondered how effective these tools were in launching an attack. Cybersecurity researchers Richard Fang, Rohan Bindu, Akul Gupta and Daniel Kang recently performed a study to determine the answer. The conclusion: They are very effective.ChatGPT 4 quickly exploited one-day vulnerabilitiesDuring the study, the team used 15 one-day vulnerabilities that occurred in…

June 28, 2024

Vulnerability management empowered by AI

3 min read - Vulnerability management involves an ongoing cycle of identifying, prioritizing and mitigating vulnerabilities within software applications, networks and computer systems. This proactive strategy is essential for safeguarding an organization’s digital assets and maintaining its security and integrity.To make the process simpler and easier, we need to involve artificial intelligence (AI). Let's examine how AI is effective for vulnerability management and how it can be implemented.Artificial intelligence in vulnerability managementUsing AI will take vulnerability management to the next level. AI not only…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature