Earlier this month, Visa issued a special fraud bulletin to inform businesses about the growing threat of digital skimming or eSkimming activity. Specifically, cybercriminals are using “web shells” as their method of gaining access to customer payment information entered into a merchant’s website at check-out. A web shell is a small piece of malicious code that, when uploaded to a compromised web server, enables back door access and remote administration.
Reports of eSkimming and web shell usage have grown in lockstep with the growth of ecommerce transactions over the past year. Microsoft reports that from August 2020 to January 2021, it registered an average of 140,000 encounters of these threats on servers, almost double the 77,000 monthly average from the prior year. Clearly, it’s a problem that should not be ignored.
The three most common ways that cybercriminals infiltrate an ecommerce environment are:
Firstly, Visa describes an incident in its bulletin where the merchant victim had stored its database administrative credentials in clear text and hardcoded in database-related PHP files. These unsecured credentials gave the cybercriminal easy access to deploy the web shell.
For example, Visa described scenarios where cybercriminals exploited weak and easy-to-guess passwords for the administration panels of their merchant victims.
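The following is an added example, not taken from Visa's bulletin or from this post: a small Python audit check that flags database passwords written as string literals in PHP files, the weakness in the incident described above. The rule names, the sample PHP file and the password in it are constructed for illustration.

```python
import re

# A non-empty quoted PHP string literal (groups 1 and 2 in every rule below).
Q = r"""(['"])([^'"]+)\1"""

# Each rule matches one common way a DB password ends up hardcoded in PHP.
RULES = [
    ("define-constant",
     re.compile(r"""define\s*\(\s*['"]\w*(?:PASS|PWD)\w*['"]\s*,\s*""" + Q, re.I)),
    ("variable-or-array-key",
     re.compile(r"""\w*(?:pass|pwd)\w*['"]?\s*(?:=>|=)\s*""" + Q, re.I)),
    ("mysqli-argument",
     re.compile(r"""mysqli(?:_connect)?\s*\(\s*[^,()]+,\s*[^,()]+,\s*""" + Q, re.I)),
    ("pdo-argument",
     re.compile(r"""new\s+PDO\s*\(\s*[^,()]+,\s*[^,()]+,\s*""" + Q, re.I)),
]

def scan_php(source):
    """Return [(line_no, rule_name)] for each line holding a literal password.

    The secret itself is never returned, so the report is safe to log.
    """
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((line_no, name))
                break  # one finding per line is enough for triage
    return findings

# Constructed sample: four hardcoded forms, then an environment-based form.
SAMPLE_DB_PHP = """<?php
define('DB_USER', 'shop_admin');
define('DB_PASSWORD', 'Example-Passw0rd');
$config = ['host' => 'localhost', 'password' => 'Example-Passw0rd'];
$conn = mysqli_connect('localhost', 'shop_admin', 'Example-Passw0rd');
$pdo = new PDO('mysql:host=localhost;dbname=shop', 'shop_admin', 'Example-Passw0rd');
// Preferred: secret comes from the environment, not from the file
$db_pass = getenv('DB_PASSWORD');
$safe = new PDO(getenv('DB_DSN'), getenv('DB_USER'), $db_pass);
"""

if __name__ == "__main__":
    for line_no, rule in scan_php(SAMPLE_DB_PHP):
        print(f"db.php:{line_no}: hardcoded password ({rule})")
```

Lines that read the password from the environment produce no finding, which is the state to aim for before the code is deployed.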
Secondly, using plugins that integrate with the ecommerce environment is another common tactic for eSkimming. In some instances, legitimate files for website plugins are modified to inject malicious code that gives administrative access to the ecommerce environment. Other reported instances involved plugins integrated into a website by third-party service providers.
Furthermore, it’s risky to use end-of-life technology or to fall behind in installing patches and updates in an ecommerce environment. By doing so, you exponentially increase your vulnerability to an eSkimming attack. Visa is reporting many instances where merchant victims failed to keep their technology current.
As long as ecommerce continues its rapid ascent, the threat of eSkimming and other attacks such as fraudulent card testing will be prevalent. But there are several preventive measures you can take right now to protect your customers, your business, and your reputation.
In addition, Visa’s Security Bulletin provides links to its best practices for securing ecommerce websites. You can access the entire Visa bulletin by clicking here.
As always, if we can answer any questions or provide any additional security information, please feel free to contact me directly.