What is Web Skimming?
Direct cyberattacks. For this entry point, a cyberattacker plants skimming code/malware directly on the website they plan to exploit, using zero-day flaws or brute-force techniques to obtain valid admin credentials. This attack requires significant preparation and coordination.
Website software supply chain cyberattacks. For this entry point, malware is injected into a trusted third-party hosting site, and the malware then executes on every website that uses that third-party application. Due to the extensive use of third-party applications, this method has become more common.
To avoid becoming a victim of web skimming:
- Identify all third-party ecommerce and online advertising vendors
- Monitor third-party scripts
- Monitor code changes on websites
- Keep software up to date with the latest security patches
- Implement client-side web skimming solutions
- Use multi-factor authentication
- Use firewalls
- Deploy a bot management solution to prevent browser-based bot cyberattacks
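As an added example (not part of the original page), the Python sketch below shows one way to act on the "Monitor third-party scripts" and "Monitor code changes on websites" items: it compares the external scripts a page loads against an approved inventory of content hashes. The hosts, script bodies, and finding labels are constructed for illustration, and the caller is assumed to have already fetched the page HTML and the script bodies.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def sri_hash(body: bytes) -> str:
    """SRI-style digest: 'sha384-' + base64(SHA-384(body))."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def audit_page(html, page_url, baseline, fetched):
    """baseline: {url: approved hash}; fetched: {url: bytes served now}."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        url = urljoin(page_url, src)
        if url not in baseline:  # script that nobody inventoried
            findings.append((url, "not-in-inventory"))
            continue
        if urlsplit(url).netloc != urlsplit(page_url).netloc and not integrity:
            findings.append((url, "third-party-without-sri"))
        if url in fetched and sri_hash(fetched[url]) != baseline[url]:
            findings.append((url, "content-changed"))
    return sorted(findings)

# Constructed sample data; all hosts and script bodies are hypothetical.
APPROVED = b"function track(){}"
BASELINE = {
    "https://shop.example/js/cart.js": sri_hash(b"function cart(){}"),
    "https://cdn.vendor.example/analytics.js": sri_hash(APPROVED),
}
PAGE = ('<script src="/js/cart.js"></script>'
        '<script src="https://cdn.vendor.example/analytics.js"></script>'
        '<script src="https://unknown.example/x.js"></script>')
FETCHED = {
    "https://shop.example/js/cart.js": b"function cart(){}",
    "https://cdn.vendor.example/analytics.js": APPROVED + b"/* altered */",
}
FINDINGS = audit_page(PAGE, "https://shop.example/checkout", BASELINE, FETCHED)
```

Run on a schedule against checkout and payment pages, a check like this surfaces both entry points described above: a changed first-party file and a changed or newly added third-party script.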