Data Security

Web skimming campaign hits several websites, including Casio’s UK subsidiary

Hackread reports that at least 17 organizations, including the UK subsidiary of major Japanese electronics firm Casio, had their websites compromised in a double-entry web skimming attack. The attack involved loading a script from the same Russian hosting provider and presenting a bogus payment form on the cart page, which then redirected to the checkout page, where targets' payment details were sought again.

Jscrambler researchers said attackers who targeted Casio UK's website between Jan. 14 and 24 deployed a two-stage skimmer. An unobfuscated loader purporting to be a third-party script triggered the second-stage skimmer, which encrypted and exfiltrated contact information, credit card details, and billing addresses, and concealed its malicious activity through XOR-based string masking and custom encoding.

"The casio.co.uk skimming incident attests that although Content Security Policy (CSP) is a relatively simple standard, it's often considered hard to manage," said the researchers. "It's easy to make mistakes, which often leads to companies opting for a report only over blocking, which also takes away a significant portion of the benefit."
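The difference the researchers describe between report-only and blocking can be checked directly from a site's response headers. The evaluator below is an added example, not code from Jscrambler or Hackread; the policy, origins and function names are constructed, and the source matching is deliberately simplified.

```javascript
// Simplified CSP check: models 'self', 'none', *, scheme and host sources only.
// Nonces, hashes, paths, ports and 'strict-dynamic' are not modelled.
function parsePolicy(value) {
  const directives = new Map();
  for (const part of value.split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false; // 'none' and unmodelled keywords
  if (source === "*") return ["http:", "https:"].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return url.protocol === source;
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme + ":") return false;
  return wildcard ? url.hostname.endsWith("." + host) : url.hostname === host;
}

function policyAllows(policy, scriptUrl, pageOrigin) {
  const directives = parsePolicy(policy);
  const sources = directives.get("script-src") ?? directives.get("default-src");
  if (sources === undefined) return true; // nothing governs script loads
  const url = new URL(scriptUrl);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// headers: lower-cased names, as Node's http module exposes them.
function scriptVerdict(headers, scriptUrl, pageOrigin) {
  const enforced = headers["content-security-policy"];
  const reportOnly = headers["content-security-policy-report-only"];
  if (enforced && !policyAllows(enforced, scriptUrl, pageOrigin)) return "blocked";
  if (reportOnly && !policyAllows(reportOnly, scriptUrl, pageOrigin)) return "reported-only";
  return "allowed";
}

// Constructed sample input (not taken from the incident).
const PAGE = "https://shop.example";
const LOADER = "https://cdn.unlisted.example/loader.js";
const POLICY = "default-src 'self'; script-src 'self' https://*.trusted.example";
console.log(scriptVerdict({ "content-security-policy-report-only": POLICY }, LOADER, PAGE));
console.log(scriptVerdict({ "content-security-policy": POLICY }, LOADER, PAGE));
```

A verdict of `reported-only` means the browser sends a violation report but still runs the script, so the same policy that blocks the unlisted loader when enforced does nothing to stop it in report-only mode.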
