The FBI’s Portland, Oregon office has published an advisory providing a background of and tips for defending against e-skimming. E-skimming occurs when cyber criminals inject malicious code onto a website. The threat actor may have gained access via a phishing attack targeting employees – or through a vulnerable third-party vendor attached to a company’s server. Organizations that need to be especially wary of this kind of activity include those that take credit card payments online, as threat actors can capture credit card data in real time as the user enters its. Threat actors then sell the data on the Darknet or use it to make fraudulent purchases themselves. Tips for protecting against e-skimming include updating and patching all systems with the latest software and segregating and segmenting network systems to limit how easily cyber criminals can move from one to another, among others. Read the advisory at the FBI.
Thank you to everyone who helped make H2OSecCon Spring 2024 happen! As noted during the event, WaterISAC intends to conduct another H2OSecCon this year, so stay tuned for updates!