Eight cities across three states in the United States have fallen victim to a Magecart card skimming attack. In these attacks, their websites were compromised to host credit card skimmers which passed on the credit card information of residents to cybercriminals.
These sites all appear to have been built using Click2Gov, a web-based platform meant for use by local governments. It is used to provide services such as community engagement, issues reporting, and online payment for local goverments. Residents can use the platform to pay for city services, such as utilities. Breaches in these sites, however, are not new: In 2018 and 2019, the websites of several towns and cities using Click2Gov were compromised.
Figure 1. Credit card skimming attack chain
Our research identified eight cities whose websites had been compromised with a JavaScript-based skimmer, as expected from a Magecart attack. The information exfiltrated included:
Credit card information (card number, expiration date, CVV)
Personal information (Name and contact address)
Our analysis of both the skimmer and the infrastructure used could not find any connections between this breach and the incidents in 2018 and 2019. Nevertheless, five of the eight cities were also affected in the previous breaches; we believe that these attacks started on April 10 of this year, and are still active.
Analysis of the card skimming attack
The attack occurs when victims make an online payment on the compromised Click2Gov website. JavaScript code was injected into the payment page ..
Support the originator by clicking the read the rest link below.
