In a recent blogpost, Microsoft revealed that its security researchers have recently observed that web skimming campaigns now employ various obfuscation techniques to deliver and hide skimming scripts during online credit card use.
Web skimming typically targets platforms like Magento, PrestaShop, and WordPress, which are popular choices for online shops because of their ease of use and portability with third-party plugins. Unfortunately, these platforms and plugins come with vulnerabilities that the attackers have constantly attempted to leverage. One notable web skimming campaign/group is Magecart, which gained media coverage over the years for affecting thousands of websites, including several popular brands.
Point to be noted: while this is a real threat, one of the reasons behind this research seems to be the potential it provides Microsoft to push its security tools, especially Microsoft 365 Defender, which receives a hearty endorsement (of course) in the post. “Given the scale of web skimming campaigns and the impact they have on organizations and their customers, a comprehensive security solution is needed to detect and block this threat. Microsoft 365 Defender provides a coordinated defense that’s enriched by our visibility into attacker infrastructure and continuous monitoring of the threat landscape,” says Microsoft (Mint Lounge has not verified these claims independently or tested the efficiency of other security systems against this threat).
However, the company has provided detailed analysis of this threat in the post, including technical details of the recent skimming campaigns’ obfuscation techniques and also offered steps for defenders and users to protect themselves and their organizations from such attacks.