Google’s Tag Manager (GTM) is a system for managing HTML and Javascript analytic tags on website, especially ecommerce sites.
A report by The Recorded Future has found that threat actors have been installing malicious e-skimmers scripts that can steal customer card data and other personally identifiable information exploiting GTM.
“As of this writing, over 165,000 payment card records attributed to victims of GTM container abuse attacks have been posted to dark web carding shops,” the researchers said. “The total number of payment cards compromised via GTM-based e-skimmers is likely higher.”
Jonathan Greig, The Record
Your takeaway from this is:
- Do you have an e-commerce site that could be infected and leaking PII?
- You, your web designer or cyber security consultant should check.
Clive Catton MSc (Cyber Security) – by-line and other articles
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
