Attackers Use A Cloud Video Hosting Service To Compromise High-Traffic Sites

Attackers have used the software supply chain to access high-traffic websites. Now, researchers are warning that a cloud-based video hosting service is being used to launch web-skimming attacks against hundreds of real estate websites.

An illustration of how a chain of attacks works

According to a blog post from Palo Alto Networks’ Unit 42, attackers used the service to carry out a supply chain attack and insert card-skimming malware into victims’ sites.

A web skimming attack occurs when a malicious script is inserted into a website to steal information entered into web forms. An online booking form, for example, may request a website user’s personal and payment information. If the site has been hit by a skimmer, hostile actors can intercept that data.

Unit 42 wrote a blog post explaining the following:

We recently found a supply chain attack that takes advantage of a cloud video platform to distribute skimmer campaigns. In the case of the attacks described here, the attacker injected scraper JavaScript code into the video, so whenever others import the video, their websites are also embedded with scraper codes. We conclude that the attacker changed the static script in the hosted site by attaching the scraper code. On the next player update, the video platform re-entered the compromised file and submitted it with the affected player. From the code analysis, we know that the scraper snippet attempts to collect sensitive information of victims such as names, emails, and phone numbers and send it to a collection server, https://cdn-imgcloud[.]com/img, which has also been flagged as malicious in VirusTotal.

The researchers explained how the skimmer infects websites: when a cloud platform user creates a video player, they can customize it with their own JavaScript by submitting a .js file to be included in the player. In this case, the user uploaded a script that could then be altered to include malicious content.
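One defensive check for the tampering described above, as an added example that is not from Unit 42 or the original article: pin a reviewed copy of the third-party player script, then flag any served copy whose SRI digest differs, whether code was attached to the end, and which new hostnames it references. The function names, sample script text and `.example` hostnames are constructed for illustration.

```javascript
// Added example: audit a third-party player script against a reviewed baseline.
const { createHash } = require("node:crypto");

// SRI-style digest, the same format used in <script integrity="...">.
function sriHash(body) {
  return "sha384-" + createHash("sha384").update(body, "utf8").digest("base64");
}

// Hostnames referenced by absolute or protocol-relative URLs in script text.
function extractHosts(js) {
  const hosts = new Set();
  const re = /(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;
  for (const m of js.matchAll(re)) hosts.add(m[1].toLowerCase());
  return hosts;
}

// Compare the script as served now with the copy that was reviewed and pinned.
function auditScript(baseline, current, allowedHosts) {
  const pinned = sriHash(baseline);
  const observed = sriHash(current);
  if (pinned === observed) {
    return { changed: false, pinned, observed, appended: false, newHosts: [] };
  }
  // Code attached after the reviewed content leaves the baseline as a prefix.
  const appended = current.startsWith(baseline);
  const known = extractHosts(baseline);
  const newHosts = [...extractHosts(current)]
    .filter((h) => !known.has(h) && !allowedHosts.includes(h))
    .sort();
  return { changed: true, pinned, observed, appended, newHosts };
}

// Constructed sample data (hypothetical script text, reserved .example names).
const ALLOWED = ["stats.video-host.example"];
const BASELINE =
  'player.on("ready", function () { track("//stats.video-host.example/v1"); });\n';
// Inert stand-in for appended code that references an unknown collection host.
const TAMPERED =
  BASELINE + 'var endpoint = "https://img-collect.example/img"; /* appended */\n';

const clean = auditScript(BASELINE, BASELINE, ALLOWED);
const tampered = auditScript(BASELINE, TAMPERED, ALLOWED);
console.log(clean.changed, tampered.changed, tampered.appended, tampered.newHosts);
```

A changed digest alone only says the file differs; the `appended` flag and the list of new hostnames are what make the alert actionable for triage.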

All of the sites in question belonged to a single parent firm, which was not named. Unit 42 said it notified the organization and helped it remove the malware.


Trevor Morgan, Product Manager at Comforte AG, had the following to say:

As these types of attacks continue to evolve in terms of sophistication and intelligence, companies need to stay focused on the essentials: developing a defensive strategy that includes more than just perimeter-based security, so don’t assume that cloud-based services are inherently secure without proper due diligence, prioritizing emerging data-centric security methods such as format-preserving coding and encryption, which can apply for protection directly to sensitive data pursued by threat actors. Tokenizing data once it enters your organization’s workflow means that business applications and users can continue to work with this information in a protected state, but more importantly if the wrong people get it, either unintentionally or through coordinated attacks like this, sensitive information remains opaque so that threat actors cannot take advantage of it for their gain.
