India has millions of internet users, making them the perfect target for scammers. And according to the Indian Computer Emergency Response Team (CERT-In), there’s a new attack model looking to steal their data and even money. The cyber body explained about a credit card skimming campaign run through e-commerce websites. Also Read - Microsoft launches Windows File Recovery app to help recover deleted data
Attackers targeted the websites hosted on Microsoft’s IIS server and running ASP.NET web application framework, CERT-In explained. Apparently, Microsoft no longer supports this framework. And this has made the websites running on the server vulnerable to cyber attacks. Also Read - New Android vulnerability warning issued by CERT-In
Watch: Weekly News Roundup – June 17
So understandably, CERT-In wants owners of these websites to update their framework to the latest version. In addition to this, they want to make sure they audit the applications as well as the server database. This way, they will be able to keep a track of any malicious files loaded into the backend for exploiting the security weakness. Also Read - CERT-In issues alert on 'Locky' ransomware spreading in India
The details shared by CERT-In came through a recent Malwarebytes Labs report. It had discovered vulnerability termed CVE-2017-9248, for ASP.NET allowed them to steal credit card details. That’s not all, the issue could allow attackers to steal passwords of users, it said. The report said incidents were first observed in April this year when online transactions were at the peak because of lockdown in many parts of the world.
Firmware updates are vital to make sure the website and their directories are clear of any wrongdoings. And it is crucial that website developers conduct regular audits to check the hygiene of the platform and update the frameworks.
Android users warned by CERT-In
The vulnerability was observed in the apps installed on the device. These apps will not alert the users as they can’t detect any issues. And if you start using the app, attackers can gain access to data on your phone. Which allows them to read messages, access photos, and all the apps on the phone.