The cybersecurity landscape changes daily, and so do the threats. E-commerce websites have become a main target for threat actors. A recent advanced skimming attack on WooCommerce sites has shed light on the new methods hackers use to steal crucial data.
This blog discusses the details of the attack, its impact, and the steps businesses can take to protect their e-commerce websites.
Understanding the Attack
The attack, as explained by Sucuri, uses image extensions and style tags to deploy malicious code on WooCommerce websites. The technique is subtle and evasive, which makes it hard to detect with traditional security measures:
1. Vector as Style Tags: Hackers placed malicious JavaScript within style tags. Style tags are generally used to define the presentation of HTML elements, and their contents are sometimes overlooked by security scans that focus on script tags. By hiding the skimmer code in style tags, hackers successfully bypassed many security checks.
2. Image Extension Scam: The second layer of the attack uses an image file extension to disguise a malicious script. The hackers hid a fake payment overlay inside an image file disguised as a favicon. When users interacted with the payment page, the skimmer stole their credit card info and sent it to the hackers’ server.
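A minimal defensive check for the two hiding places described above, added here as an illustration (it is not code from Sucuri or from the affected sites): it flags files whose image extension does not match their leading bytes, and style blocks that contain JavaScript-like tokens. The token list, function names and sample data are assumptions constructed for this example.

```python
import re

# Leading bytes (file signatures) of common image formats.
IMAGE_MAGIC = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".ico": [b"\x00\x00\x01\x00"],
}
# Assumed heuristic: tokens that belong to JavaScript, not CSS.
JS_TOKENS = re.compile(
    r"\b(?:eval|atob|fetch|XMLHttpRequest|String\.fromCharCode)\s*\(|"
    r"\bdocument\.|\bwindow\.|\bfunction\s*\(|=>",
    re.I,
)
STYLE_BLOCK = re.compile(r"<style\b[^>]*>(.*?)</style\s*>", re.I | re.S)


def fake_image(name: str, data: bytes) -> bool:
    """True if the name has an image extension but the bytes lack that format's signature."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    sigs = IMAGE_MAGIC.get(ext)
    return sigs is not None and not any(data.startswith(s) for s in sigs)


def script_in_style(html: str) -> list:
    """Return the JavaScript-like tokens found inside <style> blocks."""
    hits = []
    for body in STYLE_BLOCK.findall(html):
        hits += [m.group(0).strip() for m in JS_TOKENS.finditer(body)]
    return hits


# Constructed samples, not taken from the incident.
CLEAN_ICO = b"\x00\x00\x01\x00\x01\x00" + b"\x10" * 16
FAKE_ICO = b"(function(){var f=document.forms[0];})();"
PAGE = """<html><head>
<style>.price{color:#333}</style>
<style>body{margin:0} /* */ window.x = atob("..."); </style>
</head></html>"""

if __name__ == "__main__":
    print(fake_image("favicon.ico", CLEAN_ICO), fake_image("favicon.ico", FAKE_ICO))
    print(script_in_style(PAGE))
```

A hit from either function is a reason to inspect the file or template by hand, not proof of compromise; legitimate CSS can occasionally trip the token heuristic.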
Impact on the E-commerce Industry
This attack highlights several problems in the current state of cybersecurity in the e-commerce landscape:
1. Advanced Threats: Threat actors are improving their techniques, making it crucial for security measures to evolve accordingly. The use of style tags and image extensions shows a new trend in the sophistication of skimming attacks.
2. Identifying Problems: Traditional security tools are not advanced enough to identify such sophisticated threats. This demands a more holistic approach to cybersecurity, employing advanced threat protection measures.
3. Gaining User Trust: The success of e-commerce sites depends on gaining user trust. Breaches that steal sensitive data can have long-term effects on an organization’s image and customer loyalty.
“Ultimately, this was a very well-thought-out and detailed skimming attack. There were no obviously malicious domains loading scripts on the checkout page, the footprint within the checkout page was overall quite minimal, and the main payload (in addition to the file location being concealed with some complicated character substitution) was cleverly hidden behind the website’s favicon image,” the Sucuri blog mentions.