Total Tests:

Hackers hide stolen credit card data in JPG file

By Kirsten Doyle for ITWeb
Wednesday, March 17, 2021

They added that malefactors are constantly on the lookout for new ways to obfuscate their activities and the creative use of the fake .JPG enables them to conceal and store harvested credit card details for future use without attracting attention to themselves.

Ilia Kolochenko, founder and CEO of ImmuniWeb, says Magecart attacks are tricky to detect, however, the purpose of hiding credit card data in images files remains largely unclear. If a Web site is equipped with an on-premise or cloud-based WAF/IDS that is capable of detecting anomalies in Web traffic, these systems will almost certainly detect a Web site breach or Magecart infection in a timely manner.

Moreover, excessive or unusual HTTP requests, such as those coming from specific countries or during unusual business hours, to any Web site sections of files including images, will more than likely be detected much like any other anomaly would.

“I don’t think we are dealing with novel data exfiltration techniques but rather with an individual use case that will unlikely be widely used in the future," says Kolochenko. "To minimise the risks of Magecart data breaches and harsh penalties under PCI DSS, CCPA or GDPR, e-commerce Web site owners should implement continuous security monitoring, anomaly detection and a regular security testing by a qualified third party.” Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential