Online payment details theft via web analytics service: how to stay safe

Logo
Presented by

Victoria Vlasova, malware analyst at Kaspersky

About this talk

In June 2020, Kaspersky researchers uncovered a new technique for stealing users’ payment information on online shopping websites — a type of attack known as web skimming. Web skimming is a popular practice used by attackers to steal users’ credit card details from the payment pages of online stores, whereby attackers inject pieces of code into the source code of the website. This malicious code then collects the data inputted by visitors to the site (i.e. payment account logins or credit card numbers) and sends the harvested data to the address specified by attackers in the malicious code. This time, cybercriminals invented a new technique, abusing the capabilities of Google Analytics. By registering for web analytics accounts and injecting these accounts’ tracking code into the websites’ source code, attackers can collect users’ credit card details. About two dozen online stores worldwide were compromised using this method. In this webinar you will find out: •How cybercriminals manage to gather personal details via the web analytics service •Technical analysis of the new malware and its features •Best practices to avoid such threats Read the full report about the new threat on Securelist: https://securelist.com/web-skimming-with-google-analytics/97414/ Disclaimer: Kaspersky has informed Google of the problem, and they confirmed they have ongoing investments into resolving the issue.
Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (251)
Subscribers (57224)
On this channel, Kaspersky experts share their knowledge and key insights into high-fidelity threat hunting and intelligence, incident management, malware analysis, reverse engineering, security solutions, and several other vital aspects of the cyberworld. To keep you up to date, the experts also provide detailed webinars and workshops on how Kaspersky security solutions and services can halt and prevent a vast range of malicious attacks conducted by cybercriminals. Kaspersky is a global cybersecurity and digital privacy company that has been providing protection for 25 years, with over 400 million users from more than 200 countries. Kaspersky experts' mission is to help you find the perfect weapon to protect against any cyberthreat, carried out by even the most sophisticated cybercriminals. Kaspersky researchers are top-notch cybersecurity and protection technology experts, who regularly take part in leading information security events worldwide as best-in-class speakers. Kaspersky’s deep threat intelligence and security expertise is constantly being transformed into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the globe. Subscribe and learn more about the latest cybersecurity discoveries on the threat landscape and how to defend against them. Contact us at https://www.kaspersky.com/about/contact