Bushfire Donation Site Compromised By Cyber Criminals
Hackers have shown that they are severely lacking in both ethics and integrity after compromising a website established to accept donations for victims of Australia’s bushfires.
The news comes via researchers at Malwarebytes, who took to Twitter to announce that an unnamed organisation raising money specifically for the victims of the Lake Conjola bushfires had fallen victim to digital skimming code designed to harvest the credit card details of those generous enough to donate money.
“It’s a tried-and-tested method for data theft that lands the attackers with a complete set of information for each victim, worth more on the dark web than individual components,” Phil Muncaster goes on to explain. “In this incident, the malicious script in question was identified as ‘ATMZOW’ and the known bad domain it exfiltrated data to was spotted as vamberlo.com.”
Troy Mursch, who works at cybersecurity firm Bad Packets, said on Twitter that he identified the same malicious script on just under 40 other websites.
Deepak Patel, security expert with PerimeterX, told InfoSecurity Magazine that some attackers are proving their lack of a moral compass with the latest attack on a good cause.
“Given the lack of visibility into such client-side attacks, the website owners often find out about the data breach days or weeks after the code injection. This extended time allows skimmers to monetize the stolen cards to the fullest extent,” he said.
“Any site that processes user PII and accepts payments should take steps to shore up their application security by tracking and monitoring first- and third-party code execution on their sites in real time,” he added.