Digital Skimming

Digital skimming, a form of malware, has emerged as a significant threat to online businesses and consumers. This type of cybercrime involves the theft of sensitive payment information during the online checkout process. It often goes undetected for extended periods due to the stealthy methods employed by threat actors, such as using JavaScript sniffers on compromised websites to collect payment data. Digital skimming attacks frequently target e-commerce platforms and third-party code integrations, posing daily risks to millions of individuals across the EU, including small and medium-sized businesses, e-merchants, and banks. On December 27, 2023, Europol reported that digital skimming attacks have been deployed by threat actors using data stolen from 443 online merchants, according to cybersecurity news site, The Record. The collected threat intelligence data included infected websites, detected malware signatures, extracted domains, gates, and URLs used by attackers to collect data or load other malware, as well as instructions on where to find the malware used to launch digital skimming attacks. This comprehensive data set reveals the breadth and depth of these threats, highlighting the urgent need for effective countermeasures. In response to this growing threat, companies like Imperva and F5 are developing solutions to prevent and detect digital skimming attacks. Imperva's Client-Side Protection aims to prevent online fraud from website supply chain attacks like digital skimming, while F5 is focusing on identifying cases of digital skimming early in the hacker's journey through integrations with bot defense products. Furthermore, Europol, in cooperation with the European Union Agency for Cybersecurity (ENISA) and law enforcement authorities from 17 countries, is making concerted efforts to combat the rising threat of digital skimming attacks.