
Stop the looters: a method to detect digital skimming attacks

2021-09-24

Authors: Nikolaos Alexiou


Summary

The presentation discusses why detecting digital skimming attacks matters and presents a method for doing so using one-way hash functions. It also highlights the challenges of implementing detection and suggests ways to make it harder for attackers to exploit vulnerabilities.
  • Digital skimming attacks are usually carried out through JavaScript and often exploit vulnerabilities in third-party components or infrastructure.
  • Patching and keeping third-party components up to date is basic security hygiene.
  • Content Security Policy and script integrity checks make it harder for attackers to exploit such vulnerabilities.
  • One-way hash functions can be used to detect changes in the JavaScript a site serves and to alert security teams.
  • Implementing detection can be challenging for development teams, especially in smaller companies with limited resources.
  • Automated tools like Suricata JS can help detect digital skimming attacks and alert security teams.
The presentation cites the Ticketmaster data breach, where attackers injected their skimmer code into a script supplied by a third-party provider. Because Ticketmaster's web pages loaded that script, the skimmer ran on them and credit card information was stolen as a result.

Abstract

In 2019 British Airways was fined a remarkable £183 million for a data breach that affected more than 380,000 of its customers. Magecart, the hacking group behind the attack, specializes in credit card theft, and British Airways has not been their only victim. Ticketmaster, Forbes, Newegg and numerous online webshops have suffered security breaches by digital skimmers. In the real world, a skimmer is a physical device inserted at payment terminals in order to harvest credit card data. Digital skimming is usually done through JavaScript code injected into a webpage that victims visit to fill in payment or other types of sensitive data. So how do you detect an attack? Is there an easy method to monitor JavaScript and deter digital skimmers? In this talk I will be presenting exactly this: a method to audit your JavaScript in order to stop digital skimmers from looting your websites.

Materials: