Thursday, March 4, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Web skimming attacks not expected to intensify during COVID-19 quarantines

April 3, 2020
in Internet Security
Web skimming attacks not expected to intensify during COVID-19 quarantines
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: Charles Deluvio

The current coronavirus (COVID-19) quarantine periods imposed all over the globe have forced a large portion of the world’s population towards online shopping.

But despite amid a dramatic rise in the number of people using online stores to buy food and supplies during this outbreak, security researchers don’t expect to see a sudden spike in web skimming attacks.

You might also like

Ursnif Trojan has targeted over 100 Italian banks

Microsoft account hijack vulnerability earns bug bounty hunter $50,000

Malaysia Airlines suffers data security ‘incident’ spanning nine years

Web skimming, also known as e-skimming or Magecart attacks, is a type of security incident where hackers breach online stores to plant malicious code that steals a user’s payment card details while the data is entered in checkout forms.

These types of attacks have become popular with criminal groups around 2017-2018.

ZDNet interviewed this week researchers from Malwarebytes, RiskIQ, and Sanguine Security, today’s most active security firms in tracking web skimming attacks, in order to get their thoughts on how the sudden surge of users shopping online will impact the web skimming scene.

The general consensus that we received from the three companies — and contrary to popular belief — was that web skimming is not expected to see a sudden surge of activity just because more people are now stuck at home and will most likely spend more time shopping online.

The primary reason is that web skimming groups have been scanning for vulnerable sites to hack and compromise for years, and the number of incidents has remained generally the same for the past few months.

Experts say that in order to see a surge in web skimming incidents, we’ll first need to see an explosion of new online stores that hackers can attack and compromise. Until that happens, the number of hacked online stores are expected to remain the same.

Statistics compiled by the free companies show this trend pretty clearly. For example, data gathered by Sanguine Security shows a slight decrease in the number of web skimming incidents (hacked online stores) during the recent COVID-19 outbreak period.

covid-magecart.png

Image: Sanguine Security

While statistics among companies usually vary, Jerome Segura, a threat intelligence analyst at Malwarebytes, told ZDNet that he hasn’t seen “any major changes” in the number online stores compromised by web skimming groups, confirming Sanguine’s finding that the coronavirus outbreak did not drove hacker groups to increase their activity.

On the other hand, RiskIQ did see an increase, but not something that is out of the extraordinary or could be called a spike.

“So far in March, we’ve seen an uptick in our skimming detections of about 20% in comparison to February,” Jordan Herman, threat researcher at RiskIQ, told ZDNet in an email.

The reason why we’re not seeing more online stores getting hacked is because the number of online stores has remained the same.

To record a spike in web skimming attacks during the coronavirus outbreak we should have observed an explosion in the number of online stores created in the past 2-3 months — which we have not.

While more users have shopped online these past months, they most likely flocked to the big online stores, the ones that have advanced security features.

Most web skimming groups today are pigeonholed in their attack tactics and can’t breach these larger targets, which means hackers won’t be able to get to stores where most users are spending their money.

“There are multiple [web skimming] groups active in this space, and they have distinct strategies,” Willem de Groot, CEO and founder of Sanguine Security, told ZDNet.

“Some run fully automated campaigns to infect as many stores as possible. I don’t think they will change their tactics because of COVID-19,” de Groot added.

“However, more sophisticated actors run manual campaigns against targeted, larger stores. It makes no sense to spend weeks hacking into stores that have plummeted revenue (such as luxury products). I expect them to quickly shift to more profitable sectors, such as DIY, pet supplies, foodstuff.”

Still, even if there are more sophisticated actors that target larger stores, Herman believes that most web skimming attacks will go after the online stores of small-to-medium businesses (SMBs), rather than the big brands.

“Every now and then we see a well-known brand affected by Magecart, but almost all of our skimming detections are on small or medium businesses’ websites,” Herman said. “They make easier targets because they have fewer IT resources than larger companies.”

It’s these smaller online stores where users need to be careful when shopping online, the three experts said.

Unfortunately, detecting the presence of malicious web skimming code on a website is a tough job that even security researchers are struggling with — primarily due to the increased sophistication of the code involved.

“It is not possible for consumers to detect a store with skimming code. But consumers are very much able to limit any potential damage,” de Groot told ZDNet.

“We recommend using a payment method that requires two-factor authentication or the use of ‘disposable’ or ‘virtual’ credit cards that can only be used a single time.”

Herman also recommends that buyers use solutions like Apple Pay, PayPal, and other third-party payment providers, as users won’t have to enter their card details on the vulnerable stores, hence, avoid having the data stolen.

Another option is to use an antivirus, according to Segura. Some antivirus software comes with support for detecting compromised online stores. The solution is not perfect, as recently hacked stores take some time to detect and add to a database of hacked sites, but an antivirus popup might warn users when accessing sites that have been compromised for days.

So while experts don’t anticipate any major shifts on the web skimming landscape, they do recommend that users take precautions when shopping online.

Wek skimming attacks have been around for years now, and users need to develop new habits when shopping online that adapt to this new threat, regardless of the current COVID-19 outbreak.

Credit: Zdnet

Previous Post

Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data

Next Post

Royal Dutch Shell reskills workers in AI, part of energy transition

Related Posts

Ursnif Trojan has targeted over 100 Italian banks
Internet Security

Ursnif Trojan has targeted over 100 Italian banks

March 4, 2021
Microsoft account hijack vulnerability earns bug bounty hunter $50,000
Internet Security

Microsoft account hijack vulnerability earns bug bounty hunter $50,000

March 3, 2021
Malaysia Airlines suffers data security ‘incident’ spanning nine years
Internet Security

Malaysia Airlines suffers data security ‘incident’ spanning nine years

March 3, 2021
Remote work: 5 things every business needs to know
Internet Security

Remote work: 5 things every business needs to know

March 3, 2021
New app rollout helps reduce paperwork for NSW frontline child protection caseworkers
Internet Security

New app rollout helps reduce paperwork for NSW frontline child protection caseworkers

March 3, 2021
Next Post
Royal Dutch Shell reskills workers in AI, part of energy transition

Royal Dutch Shell reskills workers in AI, part of energy transition

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Ursnif Trojan has targeted over 100 Italian banks
Internet Security

Ursnif Trojan has targeted over 100 Italian banks

March 4, 2021
Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection
Internet Privacy

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection

March 4, 2021
Streamlining data science with open source: Data version control and continuous machine learning
Big Data

Streamlining data science with open source: Data version control and continuous machine learning

March 4, 2021
Companion Raises $8M Seed Round to Use Machine Learning and Computer Vision to Talk to Dogs
Machine Learning

Companion Raises $8M Seed Round to Use Machine Learning and Computer Vision to Talk to Dogs

March 3, 2021
The TensorFlow Certification: get official recognition, but it’s hard! | by Keenan Moukarzel | Feb, 2021
Neural Networks

The TensorFlow Certification: get official recognition, but it’s hard! | by Keenan Moukarzel | Feb, 2021

March 3, 2021
Microsoft account hijack vulnerability earns bug bounty hunter $50,000
Internet Security

Microsoft account hijack vulnerability earns bug bounty hunter $50,000

March 3, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Ursnif Trojan has targeted over 100 Italian banks March 4, 2021
  • Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection March 4, 2021
  • Streamlining data science with open source: Data version control and continuous machine learning March 4, 2021
  • Companion Raises $8M Seed Round to Use Machine Learning and Computer Vision to Talk to Dogs March 3, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates