Supply chain attacks can devastate organizations’ critical infrastructures as one single weak link can enable threat actors to victimize the entire network. Recently, security experts from Unit42 found a supply chain attack using a cloud video platform to spread a formjacking skimmer. The researchers claim they’ve detected over 100 real estate sites compromised by the same skimmer attack.
The researchers stated the skimmer has harvested victims’ sensitive information such as names, emails, phone numbers and sent them to a collection server – https://cdn-imgcloud[.]com/img, which is also malicious.
“The skimmer itself is highly polymorphic, elusive, and continuously evolving. When combined with cloud distribution platforms, the impact of a skimmer of this type could be very large. For these reasons, attacks like this raise the stakes for security researchers to untangle their sophisticated strategies and trace them to the root cause. We have to invent more sophisticated strategies to detect skimmer campaigns of this type since merely blocking domain names or URLs used by skimmers is ineffective,” the researchers said.
Hackers Deploy Malicious Code in Video