Credit card fraud: Government's cyber security reveals names of 7 'hacked' websites

| Jul 17, 2020, 08:49 AM IST
View as slideshow
Credit card fraud: Government's cyber security reveals names of 7 'hacked' websites
1 / 15

Credit card fraud: Government's cyber security reveals names of 7 'hacked' websites

The government's cybersecurity agency Cert-In has warned against incidents of credit card skimming on e-commerce websites worldwide. In online credit card skimming, cyber criminals add skimming code on online shopping websites to steal credit card information shared by customers. As per Cert-In, "Attackers are typically targeting e-commerce sites because of their wide presence, popularity and the environment LAMP (Linux, Apache, MySQL, and PHP)."

The Cert-In's advisory is based on Malwarebytes recent report. According to the report, all the compromised sites identified had a shopping portal, and this is exactly what the attackers were after. Cert-In has also shared the names of skimmer hosting sites as well as best practices to follow for website developers:

...Read more

Related:

idpcdn-cloud[.]com
2 / 15

idpcdn-cloud[.]com

...Read more
joblly[.]com
3 / 15

joblly[.]com

...Read more
hixrq[.]net
4 / 15

hixrq[.]net

...Read more
cdn-xhr[.]com
5 / 15

cdn-xhr[.]com

...Read more
rackxhr[.]com
6 / 15

rackxhr[.]com

...Read more
thxrq[.]com
7 / 15

thxrq[.]com

...Read more
hivnd[.]net
8 / 15

hivnd[.]net

...Read more
Tip: Use latest version of ASP.NET web framework, IIS Web server and database server.
9 / 15

Tip: Use latest version of ASP.NET web framework, IIS Web server and database server.

...Read more
Tip: Apply appropriate updates/patches on the OS and application software as and when available through OEM.
10 / 15

Tip: Apply appropriate updates/patches on the OS and application software as and when available through OEM.

...Read more
Tip: Restrict/deny all access by default and only allow absolutely necessary accesses.
11 / 15

Tip: Restrict/deny all access by default and only allow absolutely necessary accesses.

...Read more
Tip: Conduct complete security audit of web application, web server, database server periodically and after every major configuration change and plug vulnerabilities found.
12 / 15

Tip: Conduct complete security audit of web application, web server, database server periodically and after every major configuration change and plug vulnerabilities found.

...Read more
Tip: Apply Security Information and Event Management (SIEM) and/or Database Activity Monitoring (DAM) solutions.
13 / 15

Tip: Apply Security Information and Event Management (SIEM) and/or Database Activity Monitoring (DAM) solutions.

...Read more
Tip: Search all the websites hosted on the web server or sharing the same DB server for the malicious webshells or any other artefact.
14 / 15

Tip: Search all the websites hosted on the web server or sharing the same DB server for the malicious webshells or any other artefact.

...Read more
Tip: Periodically check the web server directories for any malicious/unknown web shell files and remove as and when noticed.
15 / 15

Tip: Periodically check the web server directories for any malicious/unknown web shell files and remove as and when noticed.

...Read more
​Vivo X50 Pro vs Realme X50 Pro vs Xiaomi Mi 10 vs OnePlus 8 Pro: The best new premium smartphone