Once online skimming malware has been injected into a website, it is then delivered to a visitor's browser along with the regular website HTML and other first-party code where it is executed. All code, regardless of whether it is first- or third-party, has the same access to any user data being entered and a skimmer will look for sensitive user data and steal it. This data is then exfiltrated, sent to the cybercriminals and later sold on the dark web.
The browser is an attractive attack surface
With modern websites being rich and immersive, they often contain thousands of lines of code and heavily utilize open-source and third-party components. With all this complexity, the attack surface of a typical website is considerably large and with organizations becoming more competent with their server and origin protections, the place where the website is rendered, the browser, is now a new frontier.
While utilizing code from third-party repositories can certainly help development and sometimes bring optimizations around performance, doing so somewhat assumes that the third party has implemented adequate security measures to protect the hosted code. If a cybercriminal is able to breach one of the third-party code providers that is utilized within a website and inject their malware, then the malicious code would be delivered to the website’s visitors and would be able to capture user data without even having to breach the organization’s web servers.
Online skimming prevention
There are several things an organization can do to help mitigate potential web skimming ranging from basic security measures to the use of security technologies designed specifically to mitigate the threat.
Organizations should examine their security practices around areas such as patching to ensure that potential loopholes or exploits are closed. Patching does not just apply to the server’s operating system, but also the delivery stack and any elements used within the website, including third-party libraries.
There are a number of security capabilities built into modern browsers, such as CSP (Content Security Policy) and SRI (Sub Resource Integrity), which organizations should examine to see if they can be applied to their codebase. While these technologies offer a certain level of protection, they do often come with a high management burden putting many off their use.
Ensighten’s website security technology enables organizations to protect their online properties against data theft and exfiltration; the purpose of web skimming attacks. By adding a single line of code, Ensighten delivers a security layer that prevents all code from sending data to unauthorized network locations.
Ensighten is the leader in preventing client-side data exfiltration and theft whilst at the same time providing technology which allows organizations to ensure that their assets are CCPA and GDPR compliant.
Get in touch to find out more about how you can protect your website from data leakage or theft while complying with global data privacy legislation.
View our guide on online skimming attacks to learn more about the attack method favored by Magecart and how you can ensure your website is protected against data theft.