The Indian Government’s Cyber Security Agency warned people that credit card skimming is spreading around the world across e-commerce sites.
Attackers usually target e-commerce sites because of their widespread existence, prominence, and the LAMP (Linux, Apache, MySQL, and PHP) setting, the Indian Code Emergency Response Team (CERT-In) said in a Thursday note.
Previously, attackers attacked pages hosted on Microsoft’s IIS platform running the ASP.NET web application software, it added. Some of the pages hit by the attack were running ASP.NET version 4.0.30319, which is no longer officially supported by Microsoft and could include several vulnerabilities, CERT-In said.
The note also contained a list of best practices for software developers, including the use of the new edition of the ASP.NET application platform, the IIS web system, and the database server.
The advisory is based on research by Malwarebytes which found that this skimming campaign is likely to have started sometime in April of this year.
Credit Card Skimming
Credit card skimming has become a common practice for cybercriminals in the past few years. Online shopping during the pandemic means more business for them, Malwarebytes said in a blog post. Also, the attackers do not need to restrict themselves to the most common e-commerce sites.