Digital Skimming Action: Group-IB contributes to Europol-led mission that uncovers 443 compromised online merchants

Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has taken part in the cross-border cybercrime fighting operation Digital Skimming Action, coordinated by Europol and featuring the European Union Agency for Cybersecurity (ENISA), law enforcement authorities from 17 countries, and other private sector partners. Group-IB’s Threat Intelligence unit prepared and supplied research into digital skimming patterns throughout the two-month operation. This helped Europol and its partners to detect and issue notifications to 443 online merchants in total with whom customers’ credit or payment card data had been potentially stolen. The successful campaign, led by Greece, falls under the European Multidisciplinary Platform Against Criminal Threats (EMPACT) priority, which targets the criminals behind online fraud schemes.

Throughout Digital Skimming Action, Group-IB played a key role in collecting significant Threat Intelligence data, including information about infected websites, detected malware signatures, the extracted domains, gates, and URLs used by attackers to collect data or load other malware, as well as instructions on where to find the malware used to launch digital skimming attacks, also known as JavaScript-sniffers, on websites. During the operation, Group-IB Threat Intelligence detected and identified 23 families of JS-sniffers, including ATMZOW, health_check, FirstKiss, FakeGA, AngryBeaver, Inter, and R3nin, which were utilized against companies in the 17 countries that participated in Digital Skimming Action. In total, 132 JS-sniffer families are known, as of the end of 2023, to have compromised websites worldwide, according to Group-IB data.

Additionally, Amsterdam-based Group-IB experts from the company’s Threat Intelligence unit and High-Tech Crime Investigation Department delivered onsite training for participating European national law enforcement authorities detailing the impact of the digital skimming phenomenon, key insights into the general architecture of JS-sniffer infrastructure, and threat hunting techniques.

Between H2 2021 and H1 2022, Group-IB Threat Intelligence discovered more than 320,000 credit or payment cards globally that had been compromised with the use of JS-sniffers, a four-fold year-on-year increase. The total number of credit cards believed to have been compromised by JS-sniffers is thought to be much larger.

Digital skimming, which has grown in scale, impact, and sophistication over recent years, involves the illicit practice of extracting credit card or payment card details from customers making online purchases from websites that have been infected with JS-sniffers. Typically, customers remain unaware of the compromise until the criminals exploit their stolen details to conduct unauthorized transactions. Group-IB’s sector-leading Fraud Protection solution helps banks protect against multiple types of digital fraud, including unauthorized transactions carried out as a result of digital skimming attacks.

“The success of Digital Skimming Action demonstrates the importance of coordinated, cross-border efforts to fight against cybercrime. Group-IB’s role in supplying key Threat Intelligence data and providing on-the-ground training reflects our dedication to fortifying the digital defenses of merchants and customers alike. Together with Europol, ENISA, law enforcement agencies, and private sector partners, we stand united in our mission to put a stop to digital skimming attacks, as with all forms of cybercrime, ensuring a safer and more secure online environment for all.”

Camill Cebulla

Group-IB’s Director of Sales Europe

“Group-IB is proud to have been a Europol private-sector partner since 2015, and Digital Skimming Action is yet another example of Europol’s leading role in combating digital crime and strong cooperation with the private sector. Fighting against cybercrime is Group-IB’s core mission, and our Amsterdam Digital Crime Resistance Center will continue to supply targeted intelligence and work alongside international and national law enforcement agencies in order to protect European citizens and financial organizations from the grips of cybercrime.”

Dmitry Volkov

CEO at Group-IB

Digital Skimming Action is the latest Europol-led anti-cybercrime operation in which Group-IB has made a significant contribution, following Carding Action 2021 and Carding Action 2020, which were both led by Europol’s European Cybercrime Centre (EC3) and with the support of national law enforcement agencies in EU member states and the United Kingdom. The two successful operations prevented over €50 million in losses.

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, The most complete Fraud Protection, AI-powered Digital Risk Protection, Multi-layered protection with Managed Extended Detection and Response (XDR), All-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.