BankInfoSecurity
May 5, 2021
DougOlenick) • April 9, 2021 Get Permission
Visa s Payment Fraud Disruption team reports that cybercriminals are increasingly using web shells to establish command and control over retailers servers during payment card skimming attacks. As a result, eSkimming, or digital skimming, is among the top threats to the payments ecosystem, according to the Visa report.
The web shells enable fraudsters conducting digital skimming attacks on e-commerce sites to establish and maintain access to compromised servers, deploy additional malicious files and payloads, facilitate lateral movement within a victim s network and remotely execute commands, Visa says.
The most common methods for deploying a web shell are malicious application plug-ins and PHP code, Visa reports.