Published: November 9, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Just recently, Visa’s Payment Fraud Disruption team posted a Security Alert on its website about its latest discovery. The company’s eCommerce Threat Disruption (eTD) tool found a new JavaScript skimmer technology that’s targeting merchant websites across the globe. Visa’s eTD tool was created to identify any compromise in e-commerce transactions on a merchant website. Visa’s eTD tool worked as designed until the beginning of this year when they found a new payment-skimming malware they call Baka.
Visa’s PFD Security Alert sounded the alarm about Baka. Baka is a malware that steals payment card data from e-commerce sites. The difference between Baka and other payment skimmers is that Baka is designed to hide from security tools. When a skimmer can’t be detected on a payment system, that’s a dangerous problem for e-commerce sites and their customers.
Once the infection takes hold, Baka is able to work undetected because it’s never actually present on the targeted server. According to Visa, the Baka skimmer collects payment and other customer data and sends it to the hacker’s command and control (C&C or c2) server. The C&C server is the command center of an attack and the place where stolen data is sent back to the criminal orchestrating the theft. By staying off of the victim’s server, Baka evades detection because security tools don’t work on what they can’t find.
Other Skimmer Scams
In November of last year, Visa’s eTD found another skimmer called Pipka. Pipka was also able to evade detection by removing itself from a payment website. Aside from Baka and Pipka, another skimming attack has also been prominent in e-commerce. In August, Group-IB security firm sounded the alarm about a criminal gang called UltraRank. This gang used malicious code to skim payment data and then sold the stolen data on its underground website.
Fortunately, there are security tips that e-commerce sites can follow to help mitigate damage from Baka and other powerful skimming attacks:
Securing an E-Commerce Site
Scan and test e-commerce sites regularly for malware and other vulnerabilities. Always hire a reputable provider to help secure an e-commerce site.
Require strong and unique administrator passwords and enable two-factor authentication (2FA).
Always keep all software upgraded and patched with the latest version, especially those used on shopping carts and checkout/payment sites.
Limit access only to those who need it, including the administrative portal and accounts.
Thoroughly investigate third parties and delivery networks that have access to the checkout/payment functions, making sure they are legitimate before partnering with them.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com