SAN FRANCISCO – Visa is warning that cybercriminals are increasingly using web shells to establish command and control over retailers' servers during payment card skimming attacks.
The finding comes from the company's Payment Fraud Disruption Team, which published it in an alert.
"As a result, eSkimming, or digital skimming, is among the top threats to the payments ecosystem," stated Visa in its report.
According to Visa’s analysis, the web shells enable fraudsters conducting digital skimming attacks on e-commerce sites to “establish and maintain access to compromised servers, deploy additional malicious files and payloads, facilitate lateral movement within a victim's network and remotely execute commands.”
Most Common Methods
Visa said the most common methods used to deploy a web shell are malicious application plug-ins and PHP code.
The analysis is based on a study of 45 digital skimming attacks in 2020. Visa said attacks that skim payment card data from the online checkout functions of e-commerce sites have become more prevalent during the COVID-19 pandemic as consumers have shifted to online shopping.
The Visa report includes additional insights into how scammers are gaining initial entry and then deploying a web shell on an e-commerce site. The report also offers strategies for improving security.
