
Attacks through commonly used web components and analytics tools are taking a more covert approach

Among the various online threats, the most common types of attack include phishing emails, drive-by downloads and botnet attacks. In recent years, online shopping has become quite common, and hackers secretly record the transaction data entered by users to steal personal information or to use it in other attacks. In particular, this year's Wuhan pneumonia epidemic has left many people isolated at home and dependent on online stores for daily necessities, so many smaller online stores have also become targets of hackers.

Major changes in web attack strategy

This kind of skimming attack, which targets online transaction content, is most often called Web Skimming; it is also known as E-Skimming and Formjacking. The hackers best known for launching such attacks are Magecart, which is made up of multiple attack groups. Such attacks have appeared quite frequently over the past three to four years. Around 2018, for example, there were many major incidents: the ticketing website Ticketmaster, the e-commerce shopping platform Newegg and British Airways all reported being victimized. At that time, the hackers' main aim was to steal large amounts of personal information, and they adopted specific attack strategies to do so.

In the Ticketmaster incident mentioned above, the attackers were Magecart Group 5, who targeted Inbenta, the instant messaging service used by the website, to carry out a supply chain attack. In other words, not only were multiple Ticketmaster websites affected, but the impact also extended to other websites that use the Inbenta service. The Newegg and British Airways incidents were carried out by Magecart Group 6. The reason may be that the websites of these two companies handle a huge transaction volume.

However, from the end of last year through the first half of this year, hackers' attack methods have changed considerably, and they differ markedly from past incidents, in which the attackers tended to maximize their impact.

Judging from these emerging methods, in the incidents of recent months hackers have adopted more refined and concealed techniques to make it difficult for e-commerce websites to discover the attacks, such as hiding code or even making use of legitimate external services, so that the attack is coordinated from inside and outside.

Hiding in web components and external services makes the attack harder to spot

In most web skimming attacks, hackers exploit website mismanagement, configuration errors or component vulnerabilities, and then implant scripts in web pages to record the transaction data that users enter. To make detection difficult for website administrators, hackers often use obfuscation techniques that greatly increase the difficulty of interpreting these scripts.

In addition to the obfuscation described above, new methods have emerged in recent attacks that make it even more difficult for website administrators to detect them.

Take the way skimming code is embedded in a website. Originally, hackers would add the malicious commands directly to the files of the web page. Recently, however, hackers have hidden the commands in the website icon (favicon), that is, the image representing the site that users see on the browser tab when they visit it. The code is stored in the EXIF field of this image. Therefore, if the administrator only checks the web page code for changes, it is difficult to detect that the site has been attacked.
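As an added example (not from the original article or from any vendor's tool), the following Python code checks a site icon for script-like text in its metadata, which a review of the page source alone would miss. It assumes the icon is a JPEG file and scans the raw bytes of EXIF (APP1) and comment segments rather than decoding individual tags; the token list, helper names and sample files are constructed for illustration.

```python
import re
import struct

# Heuristic (an assumption of this example): tokens that do not belong in image metadata.
SCRIPT_HINTS = re.compile(
    rb"eval\s*\(|atob\s*\(|fromCharCode|<script|document\.|XMLHttpRequest", re.I)

def jpeg_segments(data):
    """Yield (marker, payload) for every header segment before the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):      # start of scan / end of image: stop
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated or malformed segment")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def scan_icon(data):
    """Return (marker, token) pairs for script-like text in EXIF or comment segments."""
    findings = []
    for marker, payload in jpeg_segments(data):
        is_exif = marker == 0xE1 and payload.startswith(b"Exif\x00\x00")
        if is_exif or marker == 0xFE:   # APP1/Exif or COM
            for match in SCRIPT_HINTS.finditer(payload):
                findings.append((hex(marker), match.group(0).decode("ascii")))
    return findings

def segment(marker, payload):
    """Build one JPEG segment; used only for the constructed samples below."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: Exif-labelled APP1 payloads, not real site icons.
TIFF_HEADER = b"Exif\x00\x00MM\x00\x2a\x00\x00\x00\x08"
CLEAN = b"\xff\xd8" + segment(0xE1, TIFF_HEADER + b"Example Shop logo") + b"\xff\xda\xff\xd9"
TAMPERED = (b"\xff\xd8" + segment(0xE1, TIFF_HEADER + b"eval(atob('Y29uc3RydWN0ZWQ='))")
            + b"\xff\xda\xff\xd9")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, scan_icon(blob))
```

A hit is a reason to inspect the file by hand, and comparing icon hashes against a known-good deployment catches changes this token list would not.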

How do the hackers get the transaction information intercepted from the website into their own hands? In most incidents, they set up a relay website as the channel. However, in late June of this year, antivirus vendor Kaspersky and the e-commerce website protection service providers PerimeterX and Sansec exposed abuse of the Google Analytics service: hackers signed up for this traffic analysis service to receive the stolen transaction data, making its whereabouts more difficult to trace.
