Microsoft Warns of Evolving Web Skimming Techniques
The Microsoft 365 Defender Research Team is warning that Web skimming attacks are becoming more sophisticated and are able to hide malicious scripts from traditional security defenses.
According to the report, Microsoft started observing the technique of embedding malicious code in an image in November 2021. In many cases the skimming code was not only embedded; remote access trojans (RATs) were often included as well to inject the skimming code directly server-side, which allows browser protections such as Content Security Policy to be bypassed completely.
As for the other type of skimming technique -- those using malicious code mimicking Google or Meta pixels -- Microsoft said it also started noticing this new technique at the end of 2021. While the attacks all pointed to domains used by a budget hosting provider, the actual sites were hidden behind Cloudflare infrastructure, obscuring them from security measures. Spotting these scripts becomes increasingly difficult for admins and developers when security software doesn't flag them and the code itself appears with spoofed Google and Meta tags.
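One way an admin could audit served pages for look-alike pixels, shown as an added example that is not from Microsoft's report: it flags any script that carries Google or Meta tag markers but references a host outside those vendors' own. The marker strings, the host allowlist and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: marker strings that make a script look like a vendor tag, and the
# hosts the genuine tags load from. Heuristic, not exhaustive; extend per site.
VENDORS = {
    "google": (re.compile(r"gtag[(/]|GoogleAnalyticsObject|dataLayer", re.I),
               {"www.googletagmanager.com", "www.google-analytics.com"}),
    "meta": (re.compile(r"fbq\(|fbevents|facebook pixel", re.I),
             {"connect.facebook.net", "www.facebook.com"}),
}
URL_RE = re.compile(r"""https?://[^\s'"<>)]+""")

class ScriptCollector(HTMLParser):  # records [src, inline body] per <script>
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append([dict(attrs).get("src"), ""])
            self._open = True
    def handle_endtag(self, tag):
        self._open = self._open and tag != "script"
    def handle_data(self, data):
        if self._open:
            self.scripts[-1][1] += data

def find_spoofed_pixels(html):
    """Return (vendor, host) pairs for vendor-looking scripts that reference other hosts."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, body in collector.scripts:
        vendors = sorted(v for v, (rx, _) in VENDORS.items() if rx.search(f"{src or ''} {body}"))
        if not vendors:
            continue  # script does not claim to be a Google or Meta tag
        allowed = set().union(*(VENDORS[v][1] for v in vendors))
        urls = URL_RE.findall(body) + ([src] if src else [])
        hosts = {urlparse(u).hostname for u in urls} - {None}
        findings += [("+".join(vendors), h) for h in sorted(hosts - allowed)]
    return findings

# Constructed sample: two genuine-looking tags and one look-alike on a made-up host.
SAMPLE_HTML = """
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script>fbq('init','0000'); var a='https://connect.facebook.net/en_US/fbevents.js';</script>
<script>/* Facebook Pixel Code */ fbq('track','PageView');
var s=document.createElement('script'); s.src='https://cdn.pixel-metrics.example/fbevents.js';</script>
"""
print(find_spoofed_pixels(SAMPLE_HTML))
```

The check only sees URLs that appear in clear text in the served HTML, so an empty result is one signal among several rather than proof that a page is clean.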
The report also used the opportunity to tout the additional protection organizations can get against Web skimming with Microsoft 365 Defender. Microsoft said its cloud-based security solution coordinates threat defense across many domains and detects and blocks skimming scripts on endpoints and servers. Its detection capabilities are also backed by security researchers who actively monitor the attack landscape to help update Microsoft 365 Defender with the latest deterrents.