Digital skimming hackers have been in action again, this time targeting the website of a leading US gun-maker and its customers.
Springfield, Massachusetts-based Smith & Wesson was attacked on Black Friday, during one of the busiest shopping weekends of the year, according to Sanguine Security.
The security vendor’s forensics man, Willem de Groot, warned on Twitter that although the skimming code was injected into the site last Wednesday, November 27, it was still active as of Monday, December 2.
To add another layer of intrigue, the hackers have been using the Sanguine Security name as cover to legitimize their campaign.
“Skimming code & infrastructure is identical to the campaign that impersonates Sanguine Security,” said de Groot. “Hacker registered skimming domains in my name and disguises as Sanguine protection.”
Those domains were registered at sansec[.]us, sanguinelab[.]net, in a bid to ape the vendor’s legitimate sanse[.]io name.
It’s likely the attackers chose Sanguine Security deliberately, as much of its work for customers is to protect them from Magecart-style attacks.
For companies that are not prepared for such attacks, there could be severe financial repercussions. De Groot explained that the attack on Macy’s wiped $500m off its share price.
“Alas, for Smith & Wesson, the put options don't seem to be in high demand right now,” he said. “Carding has a better yield than stock manipulation?”
The gun-maker’s travails are just the latest in a long line of incidents hitting big name companies. The aforementioned Macy’s was the most recent high-profile brand to have its website infected, leading to the exfiltration of an unspecified number of customers’ card data over the period of a week.
Earlier this year Sanguine Security discovered what it described as the biggest single automated campaign to date, hitting over 960 e-commerce sites in just a day.