Here’s How You Can Protect Yourself and Your Business
Earlier this month, Visa issued a special fraud bulletin to inform businesses of the growing threat of digital skimming, or eSkimming, activity. Specifically, cybercriminals are using “web shells” as their method of gaining access to customer payment information entered into a merchant’s website at checkout. A web shell is a small piece of malicious code that, when uploaded to a compromised web server, enables back door access and remote administration.
How Big is the Problem?
Reports of eSkimming and web shell usage have grown in lock-step with the growth of ecommerce transactions over the past year. Microsoft reports that from August 2020 to January 2021, it registered an average of 140,000 encounters of these threats on servers, almost double the 77,000 monthly average from the prior year. Clearly it’s a problem that should not be ignored.
How Do Cybercriminals Gain Access?
The three most common ways that cybercriminals infiltrate an ecommerce environment are:
1. Unsecured or Poorly Secured Administrative Infrastructures
Visa describes an incident in its bulletin where the merchant victim had stored its database administrative credentials in clear text, hardcoded in database-related PHP files. These unsecured credentials gave the cybercriminal easy access to deploy the web shell.
Visa also describes scenarios where cybercriminals exploited weak, easy-to-guess passwords for the administration panels of their merchant victims.
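The hardcoded-credential scenario above is easy to catch before a PHP file ever reaches the web server. The following Python script is an added example, not code from the Visa bulletin or from the original post: it scans PHP source for password-like names that are assigned a quoted literal (the clear-text pattern Visa describes) while ignoring values pulled from the environment. The two sample PHP snippets, the constant names and the `SHOP_DB_PASSWORD` environment variable are constructed for the example.

```python
from __future__ import annotations

import re
from pathlib import Path

# Constructed sample, modelled on the incident Visa describes: the database
# password sits as a clear-text literal in a database-related PHP file.
VULNERABLE_PHP = """<?php
define('DB_HOST', 'localhost');
define('DB_USER', 'shop_admin');
define('DB_PASSWORD', 'Summer2020!');
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, 'shop');
"""

# Constructed hardened variant: the secret is read from the environment
# (SHOP_DB_PASSWORD is an assumed name), so the file on disk holds no credential.
HARDENED_PHP = """<?php
define('DB_HOST', 'localhost');
define('DB_USER', 'shop_admin');
define('DB_PASSWORD', getenv('SHOP_DB_PASSWORD'));
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, 'shop');
"""

# Name fragments that suggest a credential rather than ordinary configuration.
SECRET_WORDS = r"(?:pass|passwd|password|pwd|secret|token|api_key)"

# Both patterns require a quoted literal on the right-hand side, so a call such
# as getenv('...') or a variable reference does not match.
PATTERNS = [
    # define('DB_PASSWORD', 'literal')
    re.compile(
        r"define\(\s*['\"](?P<name>\w*" + SECRET_WORDS + r"\w*)['\"]\s*,\s*"
        r"['\"](?P<value>[^'\"]+)['\"]\s*\)",
        re.IGNORECASE,
    ),
    # $db_pass = 'literal'   or   $password = "literal"
    re.compile(
        r"\$(?P<name>\w*" + SECRET_WORDS + r"\w*)\s*=\s*['\"](?P<value>[^'\"]+)['\"]",
        re.IGNORECASE,
    ),
]


def find_hardcoded_credentials(php_source: str) -> list[dict]:
    """Return one finding per line that assigns a literal to a secret-like name.

    The literal itself is never echoed back; only its length is reported, so
    the scan output can be shared without leaking the credential it found.
    """
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        for pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                findings.append({
                    "line": lineno,
                    "name": match.group("name"),
                    "value_length": len(match.group("value")),
                })
                break  # one finding per line is enough
    return findings


def scan_directory(root: str) -> dict[str, list[dict]]:
    """Scan every .php file under root and map relative paths to findings."""
    root_path = Path(root)
    report = {}
    for php_file in sorted(root_path.rglob("*.php")):
        findings = find_hardcoded_credentials(php_file.read_text(errors="replace"))
        if findings:
            report[php_file.relative_to(root_path).as_posix()] = findings
    return report


if __name__ == "__main__":
    print("vulnerable:", find_hardcoded_credentials(VULNERABLE_PHP))
    print("hardened:  ", find_hardcoded_credentials(HARDENED_PHP))
```

Run `scan_directory` against a checkout of the site in a pre-deployment step and fail the build on any finding; the value length in the report is enough to confirm a hit without copying the secret into logs.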
2. Ecommerce-related applications or plugins
Plugins that integrate with the ecommerce environment are another common entry point for eSkimming. In some instances, legitimate plugin files are modified to inject malicious code that gives administrative access to the ecommerce environment. In other instances, the compromised plugins had been integrated into the website by third-party service providers.
3. Outdated or unpatched ecommerce technology
Using end-of-life technology, or falling behind on patches and updates in an ecommerce environment, is also risky: doing so greatly increases your exposure to an eSkimming attack. Visa reports many instances where merchant victims failed to keep their technology current.
How You Can Protect Your Environment
As long as ecommerce continues its rapid ascent, the threat of eSkimming and other attacks such as fraudulent card testing will be prevalent. But there are several preventive measures you can take right now to protect your customers, your business, and your reputation.
- Limit administrative access to your environment. The fewer the people with admin rights, the less vulnerable you will be.
- Require strong passwords for administrative access. Consider also using a password manager and enabling two-factor authentication.
- Properly secure your administrative panels and make sure they are not publicly accessible.
- Keep current with all patches and make sure your shopping cart and all other software are on the latest version.
- Use a Web Application Firewall to prevent malicious requests from hitting your website.
- Regularly scan your ecommerce site for malware.
- Log all network and web server activity.
- Become PCI compliant if you are not already.
- Make sure your hosting provider is secure and PCI compliant.
- Become familiar with code integrated in your website as well as third party integrations.
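Several of the measures above (regularly scanning the site for malware, knowing which code is integrated into it, and noticing when a plugin file has been modified) come down to knowing what your web root should contain and detecting when it changes. The Python script below is an added example, not code from the Visa bulletin or from the original post: it hashes a known-good copy of the site, compares the live tree against that baseline, and flags PHP files that carry common web-shell traits (obfuscated code executed at runtime, or a PHP file sitting in a directory meant only for uploaded images). The directory layout, file contents and indicator labels are constructed for the example.

```python
from __future__ import annotations

import hashlib
import re
import tempfile
from pathlib import Path

# Constructed stand-in for a small shop's web root: paths relative to the web
# root mapped to file contents. This is the known-good copy from deployment.
KNOWN_GOOD_SITE = {
    "index.php": "<?php require 'app/bootstrap.php'; ?>\n",
    "plugins/checkout/hooks.php": "<?php function checkout_hook($order) { return $order; } ?>\n",
    "media/logo.png": "png-bytes-stand-in\n",
}

# The same site after an intrusion of the kind the bulletin describes: a
# legitimate plugin file has been altered, and a new PHP file has appeared in a
# directory that should only ever hold uploaded images.
COMPROMISED_SITE = {
    "index.php": KNOWN_GOOD_SITE["index.php"],
    "plugins/checkout/hooks.php":
        "<?php function checkout_hook($order) { eval(base64_decode($blob)); return $order; } ?>\n",
    "media/logo.png": KNOWN_GOOD_SITE["media/logo.png"],
    "media/cache.php": "<?php /* constructed fragment */ eval(base64_decode($blob)); ?>\n",
}

# Content traits common to web shells; the labels are our own.
CONTENT_INDICATORS = [
    ("eval-of-decoded-blob", re.compile(r"eval\s*\(\s*base64_decode\s*\(")),
    ("request-param-to-os", re.compile(r"(?:system|exec|shell_exec|passthru)\s*\(\s*\$_(?:GET|POST|REQUEST)")),
]

# Directories that should hold static uploads only; PHP here is suspect on sight.
UPLOAD_DIRS = {"media", "uploads"}


def write_site(root: Path, files: dict[str, str]) -> None:
    """Materialise a constructed site tree on disk (fixture for the demo only)."""
    for rel, content in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)


def hash_tree(root: Path) -> dict[str, str]:
    """Map every file under root to its SHA-256, keyed by POSIX relative path."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_baseline(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Report files that appeared, vanished, or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k]),
    }


def scan_for_indicators(root: Path) -> dict[str, list[str]]:
    """Flag PHP files by content traits and by location under an upload directory."""
    hits = {}
    for php_file in sorted(root.rglob("*.php")):
        rel = php_file.relative_to(root).as_posix()
        text = php_file.read_text(errors="replace")
        matched = [label for label, rx in CONTENT_INDICATORS if rx.search(text)]
        if rel.split("/")[0] in UPLOAD_DIRS:
            matched.append("php-in-upload-dir")
        if matched:
            hits[rel] = matched
    return hits


def run_demo() -> dict:
    """Baseline the known-good tree, then audit the compromised one against it."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp) / "good", Path(tmp) / "live"
        write_site(good, KNOWN_GOOD_SITE)
        write_site(live, COMPROMISED_SITE)
        baseline = hash_tree(good)  # in practice: taken at deployment, stored off the web server
        report = diff_baseline(baseline, hash_tree(live))
        report["indicators"] = scan_for_indicators(live)
        return report


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The baseline has to come from a trusted deployment artifact and live somewhere the web server cannot write to; otherwise an intruder who can drop a web shell can also refresh the hashes. Scheduled from cron, any added or modified PHP file is worth an alert on its own, and the content and location indicators simply tell you which ones to look at first.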
In addition, Visa’s Security Bulletin provides links to its best practices for securing ecommerce websites. The full Visa bulletin is available from Visa.
As always, if we can answer any questions or provide any additional security information, please feel free to contact me directly.