Entry: Web skimming
Definition

  1. Magecart

  2. Defence

  3. References

Web skimming is a form of internet or carding fraud in which a payment page on a website is compromised: malware is injected into the page by compromising a third-party script service, in order to steal payment information.

A report in 2016 suggested as many as 6,000 e-commerce sites may have been compromised via this class of attack.[1] In 2018 British Airways had 380,000 card details stolen via this class of attack.[2] A similar attack affected Ticketmaster the same year, with 40,000 customers affected[3] by maliciously injected code on payment pages.

Magecart

Magecart is software used by a range[4] of hacking groups for injecting malicious code into ecommerce sites to steal payment details.[5] As well as targeted attacks such as on Newegg,[6] it has been used in combination with commodity Magento extension attacks.[7] The 'Shopper Approved' ecommerce toolkit utilised on hundreds of ecommerce sites was also compromised by Magecart,[8] as was the conspiracy site InfoWars.[9]

Defence

Normal security practices are recommended, such as vendor assessment, server patching, access control and external pen testing. In addition, use of content security policy and subresource integrity configurations can prevent malicious script modifications.[5] Beyond the best practices highlighted above and the use of web development techniques, there are also vendors that provide mitigation against the impact of Magecart on the website, such as Ensighten's Marketing Security solution, which is focussed on prevention.
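The following is an added example, not part of the original article: it pins a third-party script with a subresource integrity value, shows that a modified copy no longer matches, and audits a payment page for third-party scripts that neither the content security policy allow-list nor an integrity attribute would cover. The host names, script bodies and page markup are constructed for illustration, and the matching check is a simplified version of what a browser does.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a vendor script as reviewed, and a later modified copy.
PINNED_JS = b"function track(e){console.log('page view', e);}"
SERVED_JS = PINNED_JS + b"/* unreviewed change */"

def sri(content, alg="sha384"):
    """Build a subresource integrity value: '<alg>-<base64 digest>'."""
    return f"{alg}-" + base64.b64encode(hashlib.new(alg, content).digest()).decode()

def sri_matches(content, integrity):
    """Simplified browser check: accept if any listed hash matches."""
    for token in integrity.split():
        if token.startswith(("sha256-", "sha384-", "sha512-")) \
                and token == sri(content, token[:6]):
            return True
    return False

def csp_header(allowed_hosts):
    """CSP that limits scripts to the page's origin plus reviewed hosts."""
    hosts = " ".join(f"https://{h}" for h in sorted(allowed_hosts))
    return f"Content-Security-Policy: script-src 'self' {hosts}"

class ScriptAudit(HTMLParser):
    """Flag third-party <script> tags that CSP or SRI would not cover."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed, self.findings = set(allowed_hosts), []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        host = urlparse(a.get("src") or "").netloc
        if tag != "script" or not host:
            return  # inline or first-party (relative URL) script
        if host not in self.allowed:
            self.findings.append((host, "not in CSP allow-list"))
        if not a.get("integrity"):
            self.findings.append((host, "no integrity attribute"))

def audit(html, allowed_hosts):
    parser = ScriptAudit(allowed_hosts)
    parser.feed(html)
    return parser.findings

# Constructed payment page: one first-party, one pinned, one unpinned script.
PAGE = f"""<script src="/static/checkout.js"></script>
<script src="https://cdn.vendor.example/track.js" integrity="{sri(PINNED_JS)}" crossorigin="anonymous"></script>
<script src="https://widgets.other.example/chat.js"></script>"""
```

Calling `audit(PAGE, ["cdn.vendor.example"])` reports the unpinned widget script twice, once for each missing control.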

References

1. Ismail, Nick (13 October 2016). "Stowaways: malicious skimming code hiding in almost 6,000 online shops". https://www.information-age.com/online-skimming-card-fraud-123462661/ Retrieved 9 December 2018.
2. Whittaker, Zack (11 September 2018). "British Airways breach caused by credit card skimming malware, researchers say". https://techcrunch.com/2018/09/11/british-airways-breach-caused-by-credit-card-skimming-malware-researchers-say/ Retrieved 9 December 2018.
3. Priday, Richard (28 June 2018). "The Ticketmaster hack is a perfect storm of bad IT and bad comms". https://www.wired.co.uk/article/ticketmaster-data-breach-monzo-inbenta Retrieved 9 December 2018.
4. Whittaker, Zack (13 November 2018). "Meet the Magecart hackers, a persistent credit card skimmer group of groups you’ve never heard of". https://techcrunch.com/2018/11/13/magecart-hackers-persistent-credit-card-skimmer-groups/ Retrieved 9 December 2018.
5. Muncaster, Phil (1 October 2018). "Magecart: Time to Focus on Web Security to Mitigate Digital Skimming Risk". https://blog.nasstar.com/magecart-time-to-focus-on-web-security-to-mitigate-digital-skimming-risk/ Retrieved 9 December 2018.
6. Osborne, Charlie (19 September 2018). "Magecart claims another victim in Newegg merchant data theft". https://www.zdnet.com/article/magecart-claims-another-victim-in-newegg-merchant-data-theft/ Retrieved 9 December 2018.
7. Cimpanu, Catalin (23 October 2018). "Magecart group leverages zero-days in 20 Magento extensions". https://www.zdnet.com/article/magecart-group-leverages-zero-days-in-20-magento-extensions/ Retrieved 9 December 2018.
8. Leyden, John (9 October 2018). "Payment-card-skimming Magecart strikes again: Zero out of five for infecting e-retail sites". https://www.theregister.co.uk/2018/10/09/magecart_payment_card_malware/ Retrieved 9 December 2018.
9. Blake, Andrew (14 November 2018). "Alex Jones' Infowars store infected with malware capable of skimming payment data". https://www.washingtontimes.com/news/2018/nov/14/alex-jones-infowars-store-infected-malware-capable/ Retrieved 9 December 2018.