443 Online Merchants Compromised in Digital Skimming Attacks

Max Register
2 min read · Jan 15, 2024

In a recent report from Europol, 443 online merchants were discovered to be compromised in a widespread Digital Skimming attack.

Digital Skimming is an attack type similar to traditional skimming, where malicious actors steal credit card details at the time of payment. Instead of a physical device on the credit card terminal in a retail store, malware is inserted into the online merchant’s checkout feature, and the captured card details are then either sent to the attackers or stored on the server for retrieval at a later date.

Figure: Digital Skimming Stages

The identification of these compromised merchants was led by Greece under the EMPACT initiative over a two-month period. Overall, 17 countries and the European Union Agency for Cybersecurity (ENISA) are working together to curb the growing threat of digital skimming.

The origins of mass digital skimming date back to 2015 when Sansec reported that 3,500 online stores were breached. The attacks started on the Magento content management system and the actors were dubbed “Magecart” as a combination of “Magento” and “Shopping cart.”

Europol stated that digital skimming attacks can go unnoticed for a long time and can lead to thousands of customers' credit card details being stolen. Europol is also informing affected merchants that they have been compromised in an effort to mitigate the risk to consumers and businesses alike.

Merchants need to have regular security audits and penetration tests to detect and prevent this type of attack. Customers can curb fraudulent charges on their credit cards by locking them until they are needed for a transaction and being on the lookout for fraud alerts from their lenders.
