Phishing, Malware, Threat Intelligence
Web skimming campaign hits several websites
![Credit: Adobe Stock Images](https://image-optimizer.cyberriskalliance.com/unsafe/1920x0/https://files.cyberriskalliance.com/wp-content/uploads/2024/03/cyber-insurance-cybersecurity_AdobeStockImages_croped-scaled.jpg)
Credit: Adobe Stock Images
Hackread reports that at least 17 organizations, including the UK subsidiary of major Japanese electronics manufacturing firm Casio, had their websites compromised in a double-entry web skimming attack. The attack involved loading a script from the same Russian hosting provider and distributing a bogus payment form in the cart page, which redirected to the checkout page that also sought targets' payment details.

Attackers who targeted Casio UK's website between Jan. 14 and 24 deployed a two-stage skimmer, an analysis from Jscrambler, a client-side web security firm, revealed. The first stage was an unobfuscated loader purporting to be a third-party script, which triggered the second-stage skimmer. The second stage not only encrypted and exfiltrated contact information, credit card details, and billing addresses but also concealed malicious activity through XOR-based string masking and custom encoding.

"The casio.co.uk skimming incident attests that although Content Security Policy (CSP) is a relatively simple standard, it's often considered hard to manage. It is easy to make mistakes, which often leads to companies opting for a report only over blocking, which also takes away a significant portion of the benefit," said researchers.
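
The difference the researchers describe between report-only and blocking CSP, shown as an added example that is not code from Hackread, Jscrambler or any affected site: a simplified evaluator for what happens to an external script when the same policy is sent in each header. The policy, hostnames and function names are constructed for illustration.

```javascript
// Added example: simplified CSP evaluation, not the full W3C matching algorithm
// (nonces, hashes, 'strict-dynamic', paths and ports are not handled).

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(value) {
  const policy = new Map();
  for (const part of (value || "").split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Does one source expression allow the script URL?
function sourceAllows(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "*") return true;
  if (s === "'self'") return url.origin === pageOrigin;
  if (s.endsWith(":")) return url.protocol === s; // scheme-source, e.g. https:
  const host = s.replace(/^[a-z][a-z0-9+.-]*:\/\//, "").split("/")[0];
  if (host.startsWith("*.")) return url.hostname.endsWith(host.slice(1));
  return url.hostname === host;
}

// Decide what the browser does with an external script under the given headers.
// Returns "blocked", "reported-only" (script loads, a violation report is sent) or "allowed".
function scriptOutcome(headers, scriptUrl, pageOrigin) {
  const url = new URL(scriptUrl);
  const permits = (headerValue) => {
    const policy = parseCsp(headerValue);
    const list = policy.get("script-src") ?? policy.get("default-src");
    return list === undefined || list.some((src) => sourceAllows(src, url, pageOrigin));
  };
  const enforced = headers["content-security-policy"];
  const reportOnly = headers["content-security-policy-report-only"];
  if (enforced !== undefined && !permits(enforced)) return "blocked";
  if (reportOnly !== undefined && !permits(reportOnly)) return "reported-only";
  return "allowed";
}

// Constructed sample: the same policy text, delivered in the two different headers.
const POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com";
const PAGE = "https://shop.example.com";
const LOADER = "https://unlisted-host.example.net/lib.js"; // stands in for an unlisted script host
console.log(scriptOutcome({ "content-security-policy-report-only": POLICY }, LOADER, PAGE));
console.log(scriptOutcome({ "content-security-policy": POLICY }, LOADER, PAGE));
```

With the report-only header the unlisted script still executes and only a violation report is generated, so protection depends on someone acting on those reports; the enforcing header stops the load.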