Attackers have used the software supply chain to access high-traffic websites. Now, researchers are warning that a cloud-based video hosting service is being used to launch web-skimming attacks against hundreds of real estate websites.
According to a blog post from Palo Alto Networks’ Unit 42, attackers utilized the service to carry out a supply chain attack and insert card-disposal malware into victims’ sites.
When a malicious script is inserted into a website to steal information from web forms, this is known as a web scraping attack. An online booking form, for example, may request a website user’s personal information and payment information. Consequently, hostile actors may intercept data if this site is subject to skimming attempts.
Unit 42 wrote a blog post explaining the following:
The parent firm of all the sites in question, which was not named, owned them all. Luckily, the experts from Unit 42 stated they notified the organization assisted them in removing the malware.
— The Daily Swig (@DailySwig) January 5, 2022
Trevor Morgan, who serves the role of Product Manager in Comforte AG, had the following to say:
As these types of attacks continue to evolve in terms of sophistication and intelligence, companies need to stay focused on the essentials: developing a defensive strategy that includes more than just perimeter-based security, so don’t assume That cloud-based services are inherently secure without proper due diligence, prioritizing emerging data-centric security methods such as format-preserving coding and encryption, which can apply for protection directly to sensitive data pursued by threat actors. Tokenizing data once it enters your organization’s workflow means that business applications and users can continue to work with this information in a protected state, but more importantly if the wrong people get it, either unintentionally or through coordinated attacks like this, Sensitive information remains opaque so that threat actors cannot take advantage of it for their gain.