A web skimming attack targeted school administration software that handles school accounting, student fees, and online stores for K-12 and other educational institutions.
Active Network, the parent company of Blue Bear Software, released a notice on the data breach. The attack potentially affects users who purchased items between October 1 and November 13, 2019, from a school webstore that runs on the e-commerce platform.
Names, credit card or debit card numbers, expiration dates and security codes, and Blue Bear account usernames and passwords may have been collected. Active Network clarified that the incident did not involve unauthorized access to Social Security numbers, driver license numbers, or similar government ID card numbers. The company is still looking into the incident and has taken steps to enhance security measures. Customers are advised to review account statements and credit reports, and are encouraged to use the provided identity monitoring services that include alerts for card data changes and fraud consultations.
Credit card skimming attacks on compromised websites take advantage of weaknesses in e-commerce platforms, where attackers inject skimming scripts into checkout pages to collect data. Online retailers are prime targets for web skimming attacks since credit card data can be stolen during checkout through third-party providers.
We uncovered activity involving the notorious online credit card skimming attack known as Magecart. The attack, facilitated by a new cybercrime group, impacted 201 online campus stores in the United States and Canada.
Skimming attacks have become more commonplace, spurring the Federal Bureau of Investigation (FBI) to issue a security warning in October 2019, alerting small- and medium-sized businesses (SMBs) and government agencies about the threat and providing security recommendations to protect against potential compromise.
Threat actors that employ this skimming attack continuously come up with different ways to stay undetected on compromised sites. To prevent such attacks, site owners should regularly check and strengthen security with patches and server segregation. They should also employ authentication mechanisms, especially for sites that handle sensitive data. This would also mean reviewing their overall cybersecurity posture, especially for those areas where they employ third-party vendors.
Security teams should also delete or disable outdated components and regularly monitor websites and applications for any suspicious activity. Undetected threats could lead to data exfiltration, execution of unauthorized scripts, or unwanted access and modification.
The following Trend Micro solutions, powered by XGen™ security, protect users and businesses by blocking the scripts and preventing access to malicious domains: