US federal authorities have received an increase in complaints over the past three months of credit card information theft by cyber criminals using web injection to introduce skimming code on e-commerce payment card processing web pages. Cyber criminals introduced the skimming code to the payment card processing websites by gaining access to either the victim's network or a third-party entity. The code captured credit card data in real time as the end user entered it. That information was exfiltrated to an Internet-connected server using a domain name controlled by the actor. Subsequently, the collected credit card information was either sold or used to make fraudulent purchases. Any business supporting online payments on its website is at risk of a web injection attack. This threat has impacted the retail, entertainment, and travel industries as well as third-party vendors supporting them.
The malicious skimmer code has varied in complexity, which limits the ability to identify a specific set of indicators of compromise. Vulnerable companies should secure e-commerce websites to prevent malicious code injection. In addition, e-commerce companies should implement proper network segmentation and segregation to limit network exposure and minimize lateral movement of cyber criminals.
Precautionary measures to mitigate these techniques include:
- Prepare an incident response plan to be implemented in the event of a cyber intrusion.
- Secure all websites that transfer sensitive information by using the Secure Sockets Layer (SSL) protocol.
- Conduct regular backups to reduce recovery time in the event of a compromise or cyber intrusion.
- Install third-party software/hardware from trusted sources. Coordinate with the manufacturer to ensure their security protocols prevent unauthorized access to data they store and/or process.
- Patch all systems for critical vulnerabilities, prioritizing timely patching of Internet-connected servers for known vulnerabilities and software processing Internet data, such as web browsers, browser plugins, and document readers.
- Actively scan and monitor web applications for unauthorized access, modification, and anomalous activities.
- Regularly conduct network penetration tests, periodic code review, and dynamic application security tests on websites to identify vulnerabilities or misconfigurations.
- Strengthen credential requirements and implement multi-factor authentication to protect individual accounts.
- Consider a privileged identity and access management (PAM) solution to manage risk from trusted insiders and third-party vendors with privileged access.
- Assign unique, complex local administrator passwords to all workstations and other network endpoints to limit the exposure that results when one compromised password is reused.
- Set restrictive permissions on website directories and files to help prevent unauthorized access to files containing website scripts.
- Educate employees on tactics used by cyber criminals to obtain personal information and account access.
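The monitoring recommendation above (scan web applications for unauthorized modification) can be implemented as a baseline check on the scripts a payment page loads: the actor's injected code arrives as either an extra inline script or a script fetched from a domain the actor controls, so both are compared against a reviewed snapshot. This is an added example, not code from the notification; the page contents, host names and the `KNOWN_GOOD`/`SUSPECT` samples are constructed.

```python
import hashlib
import re
from urllib.parse import urlparse

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.IGNORECASE)

# Constructed sample: a checkout page in its reviewed, known-good state.
KNOWN_GOOD = """<html><body>
<form id="payment"><input name="card_number"></form>
<script src="https://cdn.example/checkout.js"></script>
<script>document.getElementById("payment").dataset.ready = "1";</script>
</body></html>"""

# Constructed sample: the same page after an unauthorized modification (one script host
# outside the baseline, one extra inline script; skimmer contents are not reproduced).
SUSPECT = """<html><body>
<form id="payment"><input name="card_number"></form>
<script src="https://cdn.example/checkout.js"></script>
<script>document.getElementById("payment").dataset.ready = "1";</script>
<script src="https://static.not-in-baseline.example/loader.js"></script>
<script>/* unexpected inline script */</script>
</body></html>"""

def extract_scripts(html):
    """Return (hosts of external scripts, sha256 digests of inline script bodies)."""
    hosts, digests = set(), set()
    for attrs, body in SCRIPT_RE.findall(html):
        m = SRC_RE.search(attrs)
        if m:
            hosts.add(urlparse(m.group(1)).hostname or "")
        else:
            digests.add(hashlib.sha256(body.strip().encode()).hexdigest())
    return hosts, digests

def build_baseline(known_good_html):
    """Record the script hosts and inline script digests of a reviewed page."""
    hosts, digests = extract_scripts(known_good_html)
    return {"hosts": hosts, "inline_sha256": digests}

def check_page(html, baseline):
    """Report every script host or inline script that is absent from the baseline."""
    hosts, digests = extract_scripts(html)
    findings = []
    for host in sorted(hosts - baseline["hosts"]):
        findings.append(f"external script from host not in baseline: {host}")
    for digest in sorted(digests - baseline["inline_sha256"]):
        findings.append(f"inline script with unknown sha256: {digest[:16]}...")
    return findings
```

Run the check against a freshly fetched copy of each payment page on a schedule and alert on any finding; a change to the baseline should only follow a reviewed deployment.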
For questions, comments or assistance regarding this report, please contact Wapack Labs at 844-492-7225, or firstname.lastname@example.org
FBI Private Business Notification, November 21, 2018