The Bleeping Computer portal informs that VISA has issued an alert informing that a large number of cybercriminals are breaking into compromised servers and deploying web shells to filter credit card information from online store customers. Last year, VISA had already registered an upward trend in incidents involving web shells, which were then used to inject JavaScript and skimming credit cards in hacked online stores (Magecart-based stores, for example, were hit) ).
The company’s security researchers found an average of 140,000 of these malicious tools on compromised servers each month between August 2020 and January 2021. Microsoft reported in a 2020 report that it detected an average of 77,000 web shells each month , between July and December 2019, based on data collected from approximately 46,000 different devices in each period.
A web shell is a malicious, but web-based, interface that allows remote access and control of a web server, allowing the execution of arbitrary commands. A web shell can be loaded to allow remote access to that web server.
{Source: Wikipedia}
The alert says that “throughout 2020, Visa Payment Fraud Disruption (PFD) identified a trend in which many eSkimming attacks used web shells to create and execute command and control (C2) functions during attacks. The PFD confirmed at least 45 eSkimming attacks in 2020 using web shells, and security researchers have also noticed an increase in the use of a web shell in the broader scenario of information security threats. ”
As VISA PFD found, Magecart threat agents used web shells primarily to hack online store servers, creating a command and control infrastructure that would allow them to filter credit card information.
With international news agencies
Source: CisoAdvisor
