Web skimming is a type of cyberattack that targets online shoppers. In these attacks malicious code collects and sends data entered by the shopper to a criminal. The criminals can use this data to gain access to the shopper’s payment information.
Sometimes fraudsters register domain names that look like those of credible companies, e.g. google-anatytics.com and google-anaiytics.com. They then place malicious code on these sites. On other occasions the attackers use authentic sites by injecting the malicious code into them.
How does this work? To use Google Analytics (GA), site owners insert a GA tracking code into their websites. The code includes a tracking ID that looks something like this: UA-11111111-1. Several of these, sending reports to different accounts, can exist on the same page.
Online security company Kaspersky have recently identified instances where this code has been used fraudulently. Attackers injected malicious code into a number of sites. Data entered by users, including credit card data, was collected via the GA code and then sent on to the criminals’ GA accounts.
Kaspersky have found around two dozen infected sites worldwide, including shops in Europe, North America and South America selling a wide range of goods including computers, cosmetics and groceries.
Why is this a problem?
Google Analytics is a very popular service used on millions of sites. Site users generally don’t know it is there, and site owners and administrators trust it completely. Because of the way the fraud is delivered, the attack can be implemented without code being downloaded to end users each time they visit: once the malicious code has been uploaded, the site is infected.
What can be done to avoid the problem?
For users it’s simple: download security software that will protect against this type of attack. This type of software will be able to detect the malicious code used in these attacks and warn the user, or prevent them from visiting the site.
Website builders also need to take action to prevent their sites from being contaminated. Again, simple actions can be very effective. Make sure admin accounts that can affect the website’s code are protected by strong passwords, and limit the number of people with access to those accounts. Ensure that any software is kept up to date. In addition, only take software and CMS components from trusted sources; for instance, any payment gateways should be PCI-DSS compliant. Finally, ensure that code injection by third parties is not possible.
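One way a site owner could check a served page for the two patterns described above, lookalike Google Analytics domains and tracking IDs that report to someone else's account (an added example, not code from the original article or from Kaspersky). The function names, the sample HTML and the ID UA-22222222-1 are constructed for illustration; the ID pattern and the two-label domain comparison are assumptions.

```javascript
// Added example: flag GA tracking IDs the site owner does not recognise
// and hostnames that are near-misses of the real GA domain.
const GA_DOMAIN = "google-analytics.com";

// Levenshtein edit distance between two strings (row-by-row DP).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(
        prev[j] + 1,                                   // deletion
        cur[j - 1] + 1,                                // insertion
        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1)  // substitution
      );
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns tracking IDs not in the owner's list, plus lookalike GA hosts.
function auditPage(html, ownTrackingIds) {
  const own = new Set(ownTrackingIds);
  // Assumed ID shape, modelled on the UA-11111111-1 form shown in the article.
  const ids = new Set(html.match(/\bUA-\d{4,10}-\d{1,4}\b/g) || []);
  const unknownIds = [...ids].filter((id) => !own.has(id));

  // Collect every hostname that appears in an absolute or scheme-relative URL.
  const hosts = new Set();
  for (const m of html.matchAll(/(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi)) {
    hosts.add(m[1].toLowerCase());
  }
  const lookalikeHosts = [...hosts].filter((host) => {
    // Compare the last two labels only (assumption: fine for .com domains).
    const domain = host.split(".").slice(-2).join(".");
    const d = editDistance(domain, GA_DOMAIN);
    return d > 0 && d <= 2; // close to the real domain, but not the real domain
  });
  return { unknownIds, lookalikeHosts };
}

// Constructed sample page: one legitimate GA tag, one extra ID, one lookalike host.
const SAMPLE_HTML = `
<script async src="https://www.google-analytics.com/analytics.js"></script>
<script>ga('create', 'UA-11111111-1', 'auto');</script>
<script>ga('create', 'UA-22222222-1', 'auto', 'second');</script>
<script src="//google-anatytics.com/ga.js"></script>`;

console.log(auditPage(SAMPLE_HTML, ["UA-11111111-1"]));
```

A static scan like this only sees IDs and hosts that appear in clear text in the served HTML; anything assembled at runtime needs a check of the page's outgoing requests instead.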
Jeremy Swinfen Green MA MBA is Head of Consulting at teiss. He has spent over 25 years advising organisations about digital technology and “human factors”, how people interact with technology. He has degrees from the University of Oxford and City University. He is the author of: "Cyber security: an introduction for non-technical managers" (Gower, 2015); "The weakest link" (Bloomsbury, 2016) and "Digital Governance" (Routledge, 2020).