[AVAR 2019] Digital Skimmers: How Crooks are Spying on your Online Shopping
Over the past year, there has been a surge in highly targeted credit card skimming attacks hitting Ticketmaster, British Airways, Newegg and many more e-commerce sites of small and medium sized businesses that have been silently breached. These recent high-profile compromises made it apparent that digital skimmers are a major threat to not only online stores but also to shoppers.
In this presentation, we will cover into details the cycle of digital skimmers, which involves collaborating with bruteforcer malware services such as StealthWorker to acquire compromised websites. We begin with the methods used by attackers in compromising unsecure e-commerce websites and the malware named Stealthworker. This malware is a Content Management Systems (CMS) bruteforcer written in Golang and is catered to infect both Linux and Windows machines. The discovery of the malware was very timely since it was the time when attacks in e-commerce have been rising and was linked to a compromised e-commerce website that served a skimmer. We will take a look on how we are able to use automation for monitoring and gathering important information such as Stealthworker’s targets and as well as its continuous developments.
Next, we will share on the skimmers evolution and interesting campaigns including a recent one that we were able to get the logs of around 185,000 credit card details that were obtained by crooks that was operating for the past year.
The talk will conclude on best practices how we can protect ourselves online and share means to mitigate this kind of attack.