(CERT-In) Indian Computer Emergency Response Team reveals details of ‘hacked’ websites against credit card fraud. Cert-In has warned of instances of credit card fraud in e-commerce Web sites around the world by the government’s cyber security agency.

There is a new model of threat to steal their details and even cash, according to the Indian Computer Emergency Response Team (CERT-I). The cyber agency stated a credit card skimming program on web sites for e-commerce.

A recent report by Malwarebytes LabS provided the information reported by CERT-In. The vulnerability, classified as CVE-2017-9248, was found because of ASP.NET ‘s ability to intercept card details. This isn’t it, attackers could steal user passwords, it said.

Cert-In stated that “attackers typically use the LAMP (Linux, Apache , MySQL and php) environment to target e-commerce sites because of their wide presence, popularity “.

Cert-In posted the details of the hacked websites:

  • idpcdn-cloud[.]com
  • joblly[.]com
  • hixrq[.]net
  • cdn-xhr[.]com
  • rackxhr[.]com

Guidelines to prevent credit card fraud on websites:

  • Understanding what’s being install on the device, such as the cell phone and desktops, is important.
  • This is important to establish a strategic gap from accessible wifi and unreliable networks, such that they are easy targets for the scammers.
  • Don’t reveal your card or OTP details to some obscure source
  • Make sure skimming gadget is tested when using ATM.
  • One way to cut card cheats is to make sure that you use cards on legitimate websites when shopping on the web.
  • Using a mix of numerical, special characters and alphabet to create a complicated login and transaction password for internet banking.
  • When an unapproved transaction is made out of your account, make sure to notify the bank to cancel or reject the charge instantly.

Indian Computer Emergency Response Team has released recommendations for creators of  websites too:

  1. Apply appropriate OS and Application Software updates as and when available via OEM.
  2. Fully restrict access by default and only allow accesses that are completely necessary.
  3. Occasionally perform a complete security audit of the web application , web server, database server and after any significant changes in configuration and plug vulnerabilities identified
  4. Use ASP.NET’s latest version of the web framework, IIS Web server, and database server.
  5. Add approaches to SIEM (Security Information and Event Management) and to Database Activity Monitoring (DAM).
  6. For the mischievous web shells, search all websites housed on the domain server or using the same Database folder.
Follow on Google News