The US Federal Bureau of Investigation has issued a flash alert warning businesses that cyber actors are harvesting credit card data from online payment pages.
The alert, sent on Monday, says that starting in January an unidentified cyber actor harvested a company’s credit card data by injecting malicious PHP code into the company’s online payment page. The attacker then sent the harvested data to a service that spoofed a legitimate card processing server.
The alert also says the attacker established backdoor access to the victim’s system by modifying two files in the payment page.
This form of attack is not new; Magecart attacks have been prevalent for years. But as ZDNet pointed out today, the methodology of inserting a different PHP function appears to be a new twist on the typical attack: the actors create a backdoor using a debugging facility, then install two web shells on the system, which gives them additional operating headroom.
The FBI recommends that companies update and patch all systems, change default login credentials, and monitor requests made to e-commerce systems to identify possible malicious activity. It also recommends that websites be secured with SSL and that third-party software and hardware be installed only from trusted sources.
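The alert describes two concrete file-level changes: PHP code injected into the payment page and two files modified to plant a backdoor. One defensive control that catches both is a file-integrity baseline of the web root’s PHP files. The script below is an added example, not code from the FBI alert or the article; the web root layout, the manifest format and the file names (`checkout/pay.php`, `checkout/helper.php`) are constructed for illustration. It hashes every PHP file under a web root, compares the result with a baseline taken when the site was last known good, and reports modified, added and removed files. The `demo()` function builds a throwaway web root, baselines it, then simulates the two kinds of change the alert describes so the report can be checked.

```python
"""File-integrity check for a web root's PHP files.

Added example (not from the FBI alert or the article): compares the current
SHA-256 of each PHP file under a web root against a baseline manifest and
reports files that were modified, added or removed since the baseline.
Paths, file names and the manifest layout are assumptions for illustration.
"""
import hashlib
import json
import os
import tempfile
from typing import Dict, List


def hash_file(path: str) -> str:
    """Return the hex SHA-256 of a file, read in 64 KiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(web_root: str, exts=(".php", ".phtml")) -> Dict[str, str]:
    """Map each PHP file under web_root (relative, '/'-separated) to its SHA-256."""
    manifest: Dict[str, str] = {}
    for dirpath, _, filenames in os.walk(web_root):
        for name in filenames:
            if name.lower().endswith(exts):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, web_root).replace(os.sep, "/")
                manifest[rel] = hash_file(full)
    return manifest


def compare_manifests(baseline: Dict[str, str],
                      current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify differences between the known-good baseline and the current state.

    'modified' covers injected code in an existing page, 'added' covers a
    dropped file, 'removed' covers a deleted page; all three deserve review.
    """
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a tiny web root, then change the checkout
    page and drop an extra PHP file, the two kinds of change the alert describes."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "checkout"))
        with open(os.path.join(root, "checkout", "pay.php"), "w") as fh:
            fh.write("<?php echo 'pay'; ?>\n")
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php echo 'home'; ?>\n")
        baseline = build_manifest(root)

        # Simulated tampering: content appended to an existing page, new file dropped.
        with open(os.path.join(root, "checkout", "pay.php"), "a") as fh:
            fh.write("<?php /* unexpected addition */ ?>\n")
        with open(os.path.join(root, "checkout", "helper.php"), "w") as fh:
            fh.write("<?php /* unexpected new file */ ?>\n")

        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    # In production: store build_manifest(web_root) after each approved deploy
    # (outside the web root, ideally signed), and run compare_manifests on a schedule.
    print(json.dumps(demo(), indent=2))
```

The baseline must be regenerated after every legitimate deployment and stored where the web server account cannot write to it; otherwise an attacker who can modify the payment page can also rewrite the manifest. Pairing this with the alert’s advice to monitor requests to the e-commerce system covers both sides: the file check catches the injected code and the planted backdoor, the request monitoring catches the traffic to the spoofed processing server.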
“This warning from the FBI is a warning that American companies should take very seriously,” Kunal Modasiya, senior director of product management at cybersecurity firm PerimeterX Inc., told SiliconANGLE. “An attack in which malicious actors harvest credit card data online by injecting malicious PHP code into the checkout page is another way to steal customers’ personally identifiable information and payment data, misuse account information and commit fraud.”
Dave Cundiff, chief information security officer at managed security services company Cyvatar, noted that continuous auditing and monitoring of an organization’s fundamental cybersecurity is a requirement these days.
“If an organization’s security fundamentals aren’t strong, then the added complexity of any additional security is unnecessary,” Cundiff explained. “Nearly every attack or compromise we have tracked over the past two years could have been prevented or at least had a significantly reduced impact by following the fundamental security basic hygiene approach.”
Cundiff added that patching systems, changing default passwords and reducing overlap in system communication have been security essentials for decades. “It’s increasingly critical not to get distracted by flashy sales pitches and to make sure your organization’s foundational security is solid before moving on to more advanced mitigations,” he said.