fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hackers Use Video Player to Steal Credit Cards From Over 100 Sites

Hackers Use Video Player to Steal Credit Cards From Over 100 Sites

Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites that injected malicious scripts to steal information inputted in website forms.

These scripts are known as skimmers or formjackers and are commonly injected into hacked websites to steal sensitive information entered into forms. Skimmers are commonly used on checkout pages for online stores to steal payment information.

Also Read: How to Send Mass Email Without Showing Addresses: 2 Great Workarounds

In a new supply chain attack discovered by Palo Alto Networks Unit42, threat actors abused a cloud video hosting feature to inject skimmer code into a video player. When a website embeds that player, it embeds the malicious script, causing the site to become infected.

In total, Unit42 found over 100 real estate sites compromised by this campaign, showing a very successful supply chain attack.

The researchers notified the cloud video platform and helped the infected sites clear their pages, but this campaign is an example of the ingenuity and determination of adversaries.

Hacking once, infecting hundreds

The cloud video platform involved in the attack allows users to create video players that include custom JavaScript scripts to customize the player.

One such customized video player that is commonly embedded in real estate sites used a static JavaScript file hosted at a remote server.

Also Read: How a Smart Contract Audit Works and Why it is Important

Unit42 researchers believe those threat actors gained access to the upstream JavaScript file and modified it to include a malicious skimmer script.

On the next player update, the video player began serving the malicious script to all real estate sites that already had the player embedded, allowing the script to steal sensitive information inputted into website forms.

Skimmer code seen in an infected webpage
Skimmer code seen in an infected webpage
Source: Palo Alto Networks

The code itself is highly obfuscated, so it’s unlikely to raise any suspicions at first glance or to be caught by unsophisticated security products.

Upon deeper analysis, Unit42 found that the skimmer steals victim names, email addresses, phone numbers, and credit card information. This stolen information is then sent back to an attacker-controlled server, where the threat actors can collect it for further attacks.

Skimmer functions and execution order
Skimmer functions from saving data to exfiltrating
Source: Palo Alto Networks

Palo Alto Networks has published a complete list of the IoCs (indicators of compromise) on this GitHub repository.

An elusive threat

This campaign deploys a polymorphic and continuously evolving skimmer that can’t be stopped using conventional domain name and URL blocking methods.

Website administrators who embed JavaScript scripts on their sites should not trust them blindly, even if the source has been proven to be trustworthy.

Instead, admins are advised to conduct regular web content integrity checks and use form-jacking detection solutions.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us