Hackers looking into injecting card stealing code on routers, rather than websites

September 26, 2019
in Internet Security

Security researchers at IBM have found evidence that hackers have been working on creating malicious scripts they can deploy on commercial-grade “Layer 7” routers to steal payment card details.

This discovery is a game-changer in what researchers call Magecart attacks, also known as web skimming. These are attacks where hackers plant malicious code on an online store that records and steals payment card details.

Until now, Magecart-specific code was only delivered at the website level, hidden inside JavaScript or PHP files. However, this new discovery is an escalation of Magecart attacks to a new level, where the malicious code is injected at the router level, rather than being added by hackers on outdated websites.

What are L7 routers

Layer 7, or L7, routers are a type of commercial, heavy-duty router that’s usually installed on large networks, such as hotels, malls, airports, casinos, government networks, public spaces, and others.

They work like any other router, except with the added benefit of being able to manipulate traffic at the seventh layer (application level) of the OSI networking model — meaning they can react to traffic based on more than just IP addresses, such as cookies, domain names, browser types, and more.

In a report published today, researchers with the IBM X-Force Incident Response and Intelligence Services (IRIS) team said they found evidence that a well-known hacker group has been testing Magecart scripts to deploy on L7 routers.

The idea is that hackers would compromise L7 routers and then use their powerful traffic manipulation features to inject these malicious scripts into users’ active browser sessions.

IBM IRIS researchers said the scripts they found were specifically designed to extract payment card data from online shops, and upload the stolen information to a remote web server.

Researchers said they found these scripts after the hackers uploaded the files on VirusTotal, a web-based antivirus aggregator. The hackers appear to have been testing whether their code would be detected by the antivirus engines that are part of the VirusTotal aggregator.

In total, IBM IRIS researchers found 17 scripts, which they organized in five groups, based on their purpose.

[Image: magecart-on-routers.png. Credit: IBM IRIS]

Well-known hacking group behind the “router file tests”

Researchers said that domains and other indicators in the code linked the 17 files to a hacker group known as Magecart #5.

This is a known threat actor that has engaged in hacking IT companies and planting card-stealing code in their products. They also used CDNs (content delivery networks) and ads to deliver the malicious code.

These types of attacks are called web skimming, or Magecart attacks, and have been going on for at least three years, but they became a popular trend in the past year. A RiskIQ report published last year delved deeper into Magecart attacks.

Yonathan Klijnsma, Head of Threat Research at RiskIQ, said that Magecart group #5 is one of the most sophisticated of all the Magecart groups his company has tracked.

In its 2018 report, RiskIQ identified 12 Magecart groups, but IBM said it’s now tracking 38 such entities.

Unclear if the “test files” are now used in the real world

IBM IRIS researchers said the Magecart group #5 test scripts they found were uploaded on VirusTotal between April 11 and April 14.

It is unclear if hackers deployed the scripts on real-world routers, but the chances are that they did.

IBM IRIS noted that, historically, the Magecart #5 group has been active in stealing payment card data entered in the checkout forms of selected US and Chinese online stores. These may also be the stores they’ll target if they deploy their malicious scripts on routers.

From a user perspective, there’s not much that victims can do to protect themselves from a Magecart attack executed at the router level, except avoid shopping online from untrusted or public networks, such as those in hotels, airports, or malls.

However, when shopping from home, users are still exposed to Magecart attacks that rely on inserting malicious code at the website level.

But there may be one solution. In recent months, responding to the rise in Magecart (web skimming) attacks, security researchers have begun recommending using a “virtual card” service, where users get a one-time payment card number they can use for one transaction only.

Even if the card number is used on a compromised site, once the transaction is completed, the card number becomes useless for hackers afterward. The downside is that “virtual card” services aren’t always available in all countries around the globe, and not all users will be able to get one.

Magecart attacks evolving towards injections of malicious code at the router level aren’t actually a surprise for most security experts. Insecure routers have been hacked throughout the past decade, usually to redirect users to phishing links or malicious downloads, to inject cryptojacking scripts, or to inject ads for criminals’ profits. It was only a matter of time until Magecart groups realized they could do the same, but insert card-stealing code instead of what previous groups have used.


Credit: ZDNet
