The company acquired its domain name after discovering a web skimming attack on a cheap web marketing and analytics service (Cockpit), as detailed in a blog post. The domain went unused after 2014.
According to Jscrambler, Group X skimmers compromised more than 40 online retailers, and the stolen information was encrypted and sent to a server in Russia for exfiltration.
Violent attempts to steal information from websites
Cybercriminals steal sensitive information from a website’s original elements, and then the vendor injects its own fake elements, such as a credit card submission form, into the page.
If a user enters information into a form compromised with this technique, that information is collected and leaked with each click on the page.
Group Y, discovered by Jscrambler, is said to have employed a skimmer analogous to Group X’s; in contrast, Group Z, also discovered by Jscrambler, employs a tweaked server architecture in its attacks.
Web skimming, also referred to as a Magecart attack, is the practice of stealing sensitive information from websites through the use of online skimming techniques. Data such as customer credit card numbers and other personal information is a common target for hackers.
Some websites may have had the third-party script injected into their pages by a Content Management System (CMS) or a website generator provider, as mentioned in the blog post.
Then, “they might be unable to remove the library from their websites due to restricted permissions or lack of knowledge,” Jscrambler said.
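One way a site owner can see which third-party scripts a page still pulls in, as an added example that is not from the article or from Jscrambler: the function below lists the external script tags in a page's HTML and flags hosts outside an allowlist, non-HTTPS loads, and tags without Subresource Integrity. The page markup, host names and allowlist are constructed for illustration.

```javascript
// Added example (not from the article): audit a page's external <script> tags.
// SAMPLE_HTML, the host names and ALLOWED_HOSTS are constructed for illustration.
const SAMPLE_HTML = `
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.shop-example.test/lib.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="//analytics-old.example.test/track.js"></script>
<script>console.log("inline")</script>
<script src='http://widgets.example.test/w.js'></script>
</head></html>`;
const ALLOWED_HOSTS = new Set(["cdn.shop-example.test", "widgets.example.test"]);

function auditScripts(html, pageOrigin, allowedHosts) {
  const findings = [];
  const firstParty = new URL(pageOrigin).origin;
  const tagRe = /<script\b([^>]*)>/gi; // opening tags only; attributes in group 1
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (!src) continue; // inline script: nothing fetched from another host
    const raw = src[1] ?? src[2] ?? src[3];
    let url;
    try {
      url = new URL(raw, pageOrigin); // resolves relative and //host forms
    } catch {
      findings.push({ src: raw, host: null, issues: ["unparseable-src"] });
      continue;
    }
    if (url.origin === firstParty) continue; // served by the site itself
    const issues = [];
    if (!allowedHosts.has(url.hostname)) issues.push("host-not-allowlisted");
    if (url.protocol !== "https:") issues.push("not-https");
    // Without an integrity hash the browser runs whatever the host returns.
    if (!/(?:^|\s)integrity\s*=\s*["']?sha(?:256|384|512)-/i.test(attrs)) issues.push("no-sri");
    if (issues.length > 0) findings.push({ src: raw, host: url.hostname, issues });
  }
  return findings;
}

for (const f of auditScripts(SAMPLE_HTML, "https://shop.example.test", ALLOWED_HOSTS)) {
  console.log(`${f.host}: ${f.issues.join(", ")} (${f.src})`);
}
```

Subresource Integrity only suits scripts whose content is fixed; for a script that changes on the vendor's side, reviewing the host allowlist is the control that matters.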
Before Black Friday, the busiest time of year for online retailers, the UK’s National Cyber Security Centre (NCSC) warned over 4,000 small business websites that their ecommerce platforms’ payment portals had been compromised.