As quoted in various media reports, the CERT-In stated that "credit card skimming through various e-commerce sites are spreading worldwide. Attackers are typically targeting e-commerce sites because of their wide presence, popularity and the environment LAMP (Linux, Apache, MySQL, and PHP)."
According to the experts, the cyber criminals in these kind of frauds add skimming code on online shopping websites to steal credit card information shared by customers. They remotely inject malicious code into one of their legitimate JavaScript libraries which is mainly designed to obtain credit card numbers as well as passwords of the user.
As per the release, the cyber criminals are targeting the websites which are hosted on Microsoft’s IIS server running with the ASP.NET web application framework. These include sports organisations, health, shopping portal and e-commerce websites among others which are affected the most by such attacks.
ALSO READ | Google Announces Major Redesign For Gmail; Know About New 'Rooms' Feature
The government agency has shared a few names of skimmer hosting sites:
- idpcdn-cloud[.]com
- joblly[.]com
- hixrq[.]net
- cdn-xhr[.]com
- rackxhr[.]com
- thxrq[.]com
- hivnd[.]net
CERT-In also issued an advisory for the users which can protect them from such attacks:
- The agency advised the users to use only the latest version of ASP.NET web framework, IIS Web server and database server.
- It further asked he users to apply new or the updated security patches on the OS and applications (when available) through OEM to prevent such attacks.
- The users should be careful and must restrict or deny all and any kind of access by default. They should allow only the necessary access.
- The users must also conduct complete and regular security checks of web application, web server and database server. After every major configuration, users may change and plug vulnerabilities if found any.
- The users may also opt to apply Security Information and Event Management (SIEM) solutions.