Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management
Protecting Ecommerce Sites From Card Data Theft
Group-IB's Nicholas Palmer on Why JavaScript Attacks Are PervasiveThe posting of Indian payment card details for sale on the dark web is increasing as a result of compromises of ecommerce sites. That's why it's so important that these sites check their systems for vulnerabilities and invest in malware detection, says Nicholas Palmer, head of international business development at Group-IB.
Cybercriminals are using JavaScript sniffers to steal payment card data, Palmer explains in an interview with Information Security Media Group. These sniffers inject rogue JavaScript code into e-commerce sites to intercept payment card and customer data, in what are often known as Magecart attacks (see: Joker's Stash Advertises Second Batch of Indian Card Data).
"Attackers look for vulnerabilities in CMS [content management systems] software. And so certainly, for ecommerce companies, the onus is on them to make sure their CMS systems are fully patched so that they have less likelihood of actually being compromised by cybercriminals," Palmer says.
Ecommerce companies also should invest in malware detection solutions that can monitor for changes to a web application during a user session, he says.
In this interview (see audio link below image), Palmer also discusses:
- What ecommerce sites can do to mitigate the theft posed by JavaScript sniffers;
- Why cyberattakers are increasingly targeting sites in India;
- Why JavaScript sniffer attacks have increased.
Palmer is head of international business development at Group-IB. He helps banks, telecommunications and e-commerce companies develop intelligence collection plans.