A newly discovered web skimming campaign running for the past year has already compromised over 40 e-commerce sites, according to Jscrambler.
“They acquired the domain name that hosted the library and used it to serve a skimming script via the same URL. By re-registering the defunct domain and configuring it to distribute malicious code, the attackers were able to compromise over 40 e-commerce websites.”
The vendor said it is not uncommon for website owners to fail to remove deprecated libraries like this from their sites, leaving dead script references whose hosting domains can lapse and be re-registered by an attacker. The root cause, it added, is a lack of insight into third-party code combined with poor security practices.
“Most security teams don’t have visibility into this third-party code running on their website; they don’t know if it’s behaving as it should or misbehaving – whether accidentally or maliciously,” Jscrambler argued.
“This security blind spot can create a false sense of confidence in your assessment of risk; it’s hard to measure what you can’t see.”
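The two points above, dead third-party script references and the lack of visibility into third-party code, are the kind of thing a site owner can inventory mechanically. The following is an added example, not code from Jscrambler or from the article: it parses a page's HTML, keeps only scripts loaded from a host other than the site's own, and flags each as a dead host (its domain does not resolve, so it could be re-registered), as lacking Subresource Integrity (the served file can change without the browser noticing), or as acceptable. The sample HTML, the host names in it and the `LIVE_HOSTS` table standing in for DNS are all constructed for the demo; the real `host_resolves` helper does a live lookup and is only used when no resolver is injected.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptTagCollector(HTMLParser):
    """Collect every <script src=...> tag together with its integrity attribute."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if src:
            self.scripts.append({"src": src, "integrity": attrs.get("integrity")})


def host_resolves(host):
    """Live DNS check used when no resolver is injected (not exercised offline)."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except socket.gaierror:
        return False


def audit_third_party_scripts(html, site_host, resolves=host_resolves):
    """Return (src, host, status) per external script.

    status is DEAD_HOST (domain does not resolve, so an attacker could register
    it and serve whatever they like at the old URL), NO_SRI (host is live but the
    tag carries no integrity hash, so a swapped file would load unnoticed) or OK.
    """
    collector = ScriptTagCollector()
    collector.feed(html)
    findings = []
    for s in collector.scripts:
        # scheme="https" makes protocol-relative "//host/path" URLs parse with a host.
        url = urlparse(s["src"], scheme="https")
        host = url.hostname
        if host is None or host == site_host:
            continue  # first-party script: out of scope for this audit
        if not resolves(host):
            status = "DEAD_HOST"
        elif not s["integrity"]:
            status = "NO_SRI"
        else:
            status = "OK"
        findings.append((s["src"], host, status))
    return findings


# Constructed sample page: one first-party script, one pinned CDN script,
# one script from a vendor whose domain has lapsed, one live but unpinned script.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example/jquery.min.js"
        integrity="sha384-PLACEHOLDER_HASH_OF_PINNED_FILE" crossorigin="anonymous"></script>
<script src="//widgets.defunct-vendor.example/tracker.js"></script>
<script src="https://analytics.example/a.js"></script>
</head></html>
"""

# Constructed stand-in for DNS: hosts that still resolve. The defunct vendor is absent.
LIVE_HOSTS = {"cdn.example", "analytics.example"}


def demo_findings():
    """Run the audit over the constructed page with the constructed resolver."""
    return audit_third_party_scripts(
        SAMPLE_HTML, "shop.example", resolves=lambda h: h in LIVE_HOSTS
    )


if __name__ == "__main__":
    for src, host, status in demo_findings():
        print(f"{status:9} {host:35} {src}")
```

Two caveats a practitioner should keep in mind. A DEAD_HOST finding is only useful before someone else registers the domain; once an attacker has re-registered it, the host resolves again and the script looks live, which is why the durable fix is to remove the reference or pin it with an integrity hash rather than to rely on the DNS check. And a static scan of the HTML will not see scripts that a content management system or site builder injects at render time, as the next paragraph describes; those require auditing the rendered DOM in a browser.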
However, the vendor also admitted that some of the compromised sites may have been impacted due to the content management system or website generator service they were using, which automatically injected the third-party script into