Threat Management, Malware, Breach

Hackers are scraping credit card data from online checkout pages

Share
The seal of the Federal Bureau of Investigation hangs on the outside of the bureau’s Edgar J. Hoover Building May 9, 2017, in Washington.  (Photo by Chip Somodevilla/Getty Images)

The FBI issued an alert May 16 warning security teams that cyber actors were able to scrape credit card data from a U.S. business in January by injecting malicious PHP code into its online checkout page. 

The data was then sent to a server that spoofed a legitimate card processing service. Furthermore, the unidentified actors established a backdoor to the business’ system by modifying two files within the checkout page. 

The FBI shared indicators of compromise (IOCs) in the alert to assist in network defense, as well as recommendations for mitigations.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.