A data-skimming campaign has hit over 100 Sotheby’s real estate websites in a supply chain attack that abused a weaponized cloud video player. According to Palo Alto Networks’ Unit 42 division, all of the compromised sites belonged to Sotheby’s and no other companies were impacted. The sites imported the same video player from the cloud video platform; however, they had been infested with malicious scripts. Many of the compromised sites were for specific properties for sale and are now defunct. All of the sites have since been cleaned. Some of the still-running sites make heavy use of the Brightcove video player to showcase properties.
It is unclear which video player was leveraged in the campaign. In skimmer attacks, cybercriminals often inject malicious JavaScript code to hack a website and gain access to the functionality of the site’s HTML form page, which allows them to collect sensitive information. In this case, the attacker injected the skimmer’s JavaScript code into the video, so whenever others accessed the video, their websites were injected with the skimmer code as well. The information collected, such as names, emails, and phone numbers, could be used for phishing or social engineering attacks.
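As an added example (not from the article or from Unit 42), here is a check a site owner could run over page HTML: it lists scripts loaded from another host without a Subresource Integrity hash, the kind of import, such as a cloud video player, through which the skimmer reached these sites. The sample page, host names and function names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptAudit(HTMLParser):
    """Collect every <script src=...> tag with its resolved URL and SRI state."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if not a.get("src"):
            return  # inline script, nothing is imported
        url = urljoin(self.page_url, a["src"])  # resolves relative and //host forms
        self.scripts.append((url, bool(a.get("integrity"))))


def unpinned_third_party_scripts(html, page_url):
    """Return URLs of scripts served from another host with no integrity hash."""
    own_host = urlparse(page_url).hostname
    audit = ScriptAudit(page_url)
    audit.feed(html)
    return [url for url, pinned in audit.scripts
            if urlparse(url).hostname != own_host and not pinned]


# Constructed sample page: all hosts and paths are placeholders.
SAMPLE_PAGE = """
<html><head>
<script src="/static/site.js"></script>
<script src="https://cdn.example.test/lib.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//players.video-platform.example/acct/player/index.min.js"></script>
</head><body><form action="/contact"><input name="email"></form></body></html>
"""

if __name__ == "__main__":
    page = "https://listing.example.test/home"
    for url in unpinned_third_party_scripts(SAMPLE_PAGE, page):
        print("no integrity hash:", url)
```

A script that the vendor updates in place cannot keep a fixed hash, so each reported URL is a dependency to review or self-host rather than an automatic finding.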