The FBI has published a TLP:WHITE FLASH warning that cyber actors are scraping credit card data from a U.S. business’s online checkout page and maintaining persistence on victims’ devices by injecting malicious PHP code. The FLASH indicates that since January of this year, unknown threat actors have stolen credit card data from an online U.S. business and sent the scraped data to an adversary-controlled server that spoofed a legitimate card processing server. According to the FBI, the “cyber actors also established backdoor access to the victim’s system by modifying two files within the checkout page.” The FLASH includes further technical details regarding this activity, including indicators of compromise, and lists recommended mitigations. It also encourages partners to report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855) 292-3937 or [email protected]. Access the FLASH at IC3.