Cloud Video Platform Used By Cybercriminals to Steal Payment Information
More than 100 Real Estate Websites Were Compromised.
Last updated on July 5, 2022
Threat actors used an unnamed cloud video hosting service to inject malicious scripts into over 100 real estate websites owned by the same holding company. The goal of this supply chain attack was to steal private information contained in website forms.
These malicious scripts, also known as skimmers, are becoming increasingly popular and are often injected into compromised websites in order to steal sensitive data provided by users on the targeted website. Skimmers are frequently used on checkout pages for online stores to steal payment information.
How Does the Attack Work?
According to BleepingComputer, Palo Alto Networks Unit42 spotted a new supply chain attack in which hackers exploited a cloud video platform feature to inject skimmer code into a video player. The moment a website embeds that player, the malicious script is also embedded, compromising the site.
It appears that the supply chain attack was highly effective since more than 100 websites have been impacted by the operation, according to the cybersecurity company. The researchers alerted the cloud video provider and assisted the compromised websites in removing the malicious code.
Upon the next player update, the video platform started serving the skimmer code to every real estate website that already had the player embedded, enabling the script to gather confidential data entered into website forms.
What Kind of Data Was Accessed?
Following an extensive investigation, Unit42 discovered that the skimmer code was designed to identify credit card patterns, steal victim names, email addresses, phone numbers, and financial information, and send them to the threat actors.
The skimmer itself is highly polymorphic, elusive, and continuously evolving. When combined with cloud distribution platforms, the impact of a skimmer of this type could be very large.
Website administrators are advised to safeguard their accounts, protect them from theft through phishing or social engineering, and manage permissions well. We also highly recommend conducting web content integrity checks on a regular basis. This can help detect and prevent injection of malicious code into the website content.
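One way to run such an integrity check against embedded third-party scripts, shown as an added example (not code from the article or from Unit42): it lists every external script on a page, hashes what is currently served, and compares it with a recorded known-good hash. The player URL, script bodies, and function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every external <script> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], a.get("integrity")))


def sri_sha384(body: bytes) -> str:
    """Return the Subresource Integrity (SRI) value for a script body."""
    digest = hashlib.sha384(body).digest()
    return "sha384-" + base64.b64encode(digest).decode()


def audit(page_html: str, fetched: dict, baseline: dict) -> list:
    """fetched: src -> bytes served now; baseline: src -> known-good SRI value."""
    collector = ScriptCollector()
    collector.feed(page_html)
    findings = []
    for src, integrity in collector.scripts:
        if src not in baseline:
            findings.append((src, "not in baseline"))
        elif sri_sha384(fetched[src]) != baseline[src]:
            findings.append((src, "content changed since baseline"))
        if integrity is None:
            # Without an integrity attribute the browser runs whatever is served.
            findings.append((src, "no integrity attribute"))
    return findings


# Constructed sample: a form page embedding a hypothetical third-party player.
PLAYER_URL = "https://video.example/player.js"
PAGE = f'<html><body><script src="{PLAYER_URL}"></script><form></form></body></html>'
GOOD = b"function play(){ /* player code */ }"
UPDATED = GOOD + b"\n/* extra code added upstream */"
BASELINE = {PLAYER_URL: sri_sha384(GOOD)}

if __name__ == "__main__":
    print(audit(PAGE, {PLAYER_URL: GOOD}, BASELINE))
    print(audit(PAGE, {PLAYER_URL: UPDATED}, BASELINE))
```

A changed hash is not proof of compromise, since providers ship legitimate player updates, but it is the signal to review the new script before it keeps running on pages that collect form data.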