Hackread reports that at least 17 organizations, including the UK subsidiary of the major Japanese electronics manufacturer Casio, had their websites compromised in a double-entry web skimming attack. Each compromised site loaded a script from the same Russian hosting provider, and the skimmer injected a bogus payment form into the cart page; after the victim filled it in, the page redirected to the legitimate checkout page, which also asked for payment details (hence "double entry").

Attackers who targeted Casio UK's website between Jan. 14 and 24 deployed a two-stage skimmer, according to an analysis from Jscrambler, a client-side web security firm. The first stage was an unobfuscated loader posing as a third-party script; it triggered the second-stage skimmer, which encrypted and exfiltrated contact information, credit card details and billing addresses, and concealed its activity through XOR-based string masking and custom encoding.

"The casio.co.uk skimming incident attests that although Content Security Policy (CSP) is a relatively simple standard, it's often considered hard to manage. It is easy to make mistakes, which often leads to companies opting for a report only over blocking, which also takes away a significant portion of the benefit," said researchers.
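The researchers' point about report-only CSP is easy to make concrete. The following is an added example, not code from Jscrambler, Casio or SC Media: a small Node.js checker that parses a response's CSP headers and reports whether a script loaded from an origin the policy does not list would be blocked, merely reported, or allowed. The page URL, the header values and the `unlisted-host.example` origin are constructed placeholders (the article does not name the skimmer's hosting provider, and none is assumed here), and the source-expression matching is a simplified version of the CSP host-source rules.

```javascript
// Added example (not from the Jscrambler analysis or the SC Media article).
// Evaluates whether a page's CSP would actually stop a script loaded from an
// origin the policy does not list, and flags the report-only case the
// researchers describe. All headers and URLs below are constructed.

function parseCsp(policy) {
  // "a b; c d" -> { a: ["b"], c: ["d"] }; directive names are case-insensitive.
  const directives = {};
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    directives[name.toLowerCase()] = values;
  }
  return directives;
}

function sourceMatches(source, url, pageOrigin) {
  // Simplified CSP source-expression matching: 'none', '*', 'self',
  // scheme-source ("https:") and host-source with an optional "*." wildcard.
  // Keyword sources such as 'unsafe-inline', nonces and hashes never match a URL.
  if (source === "'none'") return false;
  if (source === "*") return true;
  if (source === "'self'") return url.origin === pageOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    return url.protocol.toLowerCase() === source.toLowerCase();
  }
  if (source.startsWith("'")) return false;
  // host-source: [scheme://]host[:port][/path]. A scheme-less source is given the
  // script's own scheme here (simplification of the spec's scheme-matching rules).
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(source);
  const withScheme = hasScheme ? source : `${url.protocol}//${source}`;
  const wildcard = /^([a-z][a-z0-9+.-]*:\/\/)?\*\./i.test(source);
  const parsed = new URL(withScheme.replace("*.", ""));
  if (parsed.protocol !== url.protocol) return false;
  const host = url.hostname.toLowerCase();
  const srcHost = parsed.hostname.toLowerCase();
  const hostOk = wildcard ? host.endsWith(`.${srcHost}`) : host === srcHost;
  if (!hostOk) return false;
  if (parsed.port && parsed.port !== url.port) return false;
  if (parsed.pathname !== "/" && !url.pathname.startsWith(parsed.pathname)) return false;
  return true;
}

function policyAllowsScript(policy, scriptUrl, pageOrigin) {
  const directives = parseCsp(policy);
  // script-src governs script loads; default-src is the fallback. No directive => permitted.
  const sources = directives["script-src"] || directives["default-src"];
  if (!sources) return true;
  return sources.some((s) => sourceMatches(s, scriptUrl, pageOrigin));
}

// Returns "blocked", "allowed", "reported-only" or "no-policy" for one script load.
function evaluateScriptLoad(headers, pageUrl, scriptUrl) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v])
  );
  const pageOrigin = new URL(pageUrl).origin;
  const url = new URL(scriptUrl);
  if (h["content-security-policy"]) {
    return policyAllowsScript(h["content-security-policy"], url, pageOrigin)
      ? "allowed"
      : "blocked";
  }
  if (h["content-security-policy-report-only"]) {
    // The browser sends a violation report but still executes the script.
    return policyAllowsScript(h["content-security-policy-report-only"], url, pageOrigin)
      ? "allowed"
      : "reported-only";
  }
  return "no-policy";
}

// Constructed sample: the same policy in report-only and enforcing form, and a
// loader script served from an origin the policy does not list (placeholder host).
const PAGE_URL = "https://shop.example/checkout";
const UNLISTED_LOADER = "https://unlisted-host.example/loader.js";
const POLICY = "default-src 'self'; script-src 'self' https://cdn.example";
const REPORT_ONLY_HEADERS = { "Content-Security-Policy-Report-Only": POLICY };
const ENFORCING_HEADERS = { "Content-Security-Policy": POLICY };

console.log("report-only:", evaluateScriptLoad(REPORT_ONLY_HEADERS, PAGE_URL, UNLISTED_LOADER));
console.log("enforcing:  ", evaluateScriptLoad(ENFORCING_HEADERS, PAGE_URL, UNLISTED_LOADER));
```

Run with `node csp_check.js` (any file name). The same unlisted loader is merely reported under the report-only header and blocked under the enforcing one; the deployment task is to get the allow-list right (including CDN and tag-manager origins) so that the enforcing header can be switched on without breaking legitimate scripts.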
SC Media's daily must-read of the most current and pressing daily news