Threats are evolving. Hacked eCommerce numbers are growing. We, as an industry, also need to evolve to win. Here's our report on what we've seen and learned in 2024.
New malware, IOCs and legitimate files used maliciously, identified through forensic investigations in the last month.


Over the last 7 years, Digital Skimmers have been the most widely used malware for payment data theft. That trend had, however, been slowly changing, and in early 2024 Digital Loaders became more prevalent than Digital Skimmers.
This is a significant point in the fight against cyber crime in the eCommerce world as it shows that technologies like ThreatView have become so good at detecting Digital Skimmers that we are disrupting the criminal process. The next stage of their attack is to use Digital Loaders.
A Digital Loader is usually a small script that tells a website visitor's browser to fetch a piece of code from another website. It effectively LOADS the code into the visitor's browser to do whatever it is designed to do. Most loaders in the eCommerce world are designed to covertly load Digital Skimmers into a visitor's browser, capturing any relevant payment data before it even reaches the website.
Digital loaders are a challenge to detect without appropriate technology and we're constantly seeing them evolve and develop as the cyber security world adapts.
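
To make the loader behaviour described above concrete from the defender's side, here is an added example (not ThreatView code and not part of the original report) that inventories the scripts on a checkout page and flags the two things a loader depends on: a script fetched from a host you have not approved, and an inline script that pulls in further code at runtime. The hostnames, the allowlist and the sample HTML are all constructed for illustration.

```javascript
// Added example: all hosts, names and HTML below are constructed for illustration.
const PAGE_URL = 'https://shop.example/checkout';
const ALLOWED_HOSTS = new Set(['shop.example', 'js.payments.example']);

const SAMPLE_HTML = `
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3/sdk.js"></script>
<script src="//stats.unknown-cdn.example/t.js"></script>
<script>
  var s = document.createElement('script');
  s.src = 'https://assets.unknown-cdn.example/lib.js';
  document.head.appendChild(s);
</script>
<script>window.cartTotal = 42;</script>`;

// Ways an inline script can pull further code into the page at runtime.
const DYNAMIC_LOAD = [
  ['createElement(script)', /createElement\(\s*['"]script['"]\s*\)/i],
  ['document.write', /document\.write(ln)?\s*\(/i],
  ['eval/Function', /\beval\s*\(|new\s+Function\s*\(/],
];

// Returns one finding per script that loads, or could load, code from outside the allowlist.
function auditScripts(html, pageUrl, allowedHosts) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (src) {
      let host;
      try {
        host = new URL(src[1], pageUrl).hostname; // resolves relative and // URLs
      } catch {
        host = '(unparsable)';
      }
      if (!allowedHosts.has(host)) {
        findings.push({ type: 'external-host', host, detail: src[1] });
      }
      continue;
    }
    const hits = DYNAMIC_LOAD.filter(([, re]) => re.test(body)).map(([name]) => name);
    if (hits.length > 0) {
      const urls = body.match(/https?:\/\/[^\s'"]+/g) || [];
      findings.push({ type: 'dynamic-load', detail: hits.join(', '), urls });
    }
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, PAGE_URL, ALLOWED_HOSTS));
```

Legitimate tag managers and analytics snippets also create script elements, so a `dynamic-load` finding is a prompt for review rather than proof of compromise. A static pass like this will not see loaders that are obfuscated or appended to an already approved file.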


A Digital Loader or Digital Skimmer is the final step in the attack: it is the part that steals your customer data. To reach that point, the criminals will have needed to find a way to break in and to plant a backdoor/webshell that lets them break back in and re-establish their attack should their user access be detected and shut down, and they may have made other changes to the site.
Our recommendation: if you detect a Digital Skimmer or Loader, do a full threat sweep of your eCommerce infrastructure to make sure there isn't some other nasty hidden code within your site.
Naturally, this is what we can help you with. To help you get proactive. Stay ahead of the criminals, detect their movements and shut down any future attacks.
A digital skimmer refers to malicious code inserted into the checkout pages of online stores. This code operates by capturing credit card details entered by customers during the checkout process and transmitting this sensitive information to a server controlled by the attacker.
Due to the stealthy nature of this attack and the utilisation of advanced concealment techniques, digital skimmers can remain undetected for extended periods, potentially accumulating vast amounts of credit card data over time. Well known names of malware in this category are Magecart, FakeGA, FirstKiss, R3nin.


Notably, digital skimmers have been implicated in several prominent security breaches involving well-known companies such as Ticketmaster, Tupperware, and British Airways. Additionally, they have been utilized in extensive automated attacks targeting eCommerce platforms like Magento, WordPress, Magecart, OpenMage, Drupal, Joomla and others.
Whether overseeing security for a large corporation or managing a small online business, it is essential to comprehend the methods employed by digital skimmers to safeguard both your enterprise and its clientele.

