Fluxgate

Magecart Attacks: The Growing Epidemic of Web Skimming

Andrea Abbondanza, 30 Jul, 2024

Have you ever wondered if your online shopping is truly secure? Unfortunately, it is probably not, especially with the looming threat of Magecart attacks.

Magecart attacks are a growing threat. They silently target customers on popular websites and steal their credit card details during purchases.

With online shopping becoming more common, the risk of falling victim to Magecart attacks increases. The good news is that you can take several protection measures. Read on to learn more!

What Are Magecart Attacks?

Smart customer’s credit card hacked

Magecart attacks are web-skimming cybercrimes in which hackers inject malicious code into websites to steal credit card information during online transactions.

In 2015, the infamous Magecart hacker group adopted its name from the e-commerce platform Magento, and since then, it has become synonymous with these types of attacks.

Similar to their namesake, these attacks commonly target e-commerce checkout pages, capturing users’ payment details and transmitting them to the attackers.

Any website processing payments can be a target, from small online stores to major retailers. The stolen data is then sold on the dark web or used for fraudulent purchases.

In light of the increasing threats posed by Magecart attacks, the Payment Card Industry Data Security Standard (PCI DSS) has undergone revisions, highlighting how serious these cases are.

How Does Magecart Work?

A hacker in front of computer screens

Magecart attacks exploit website vulnerabilities to steal credit card information through web skimming. Here’s how these attacks typically unfold:

  1. First, attackers identify weaknesses in a website’s security, such as outdated software, insecure third-party services, or weak security protocols.
  2. Once a vulnerability is found, they inject malicious JavaScript code into the website.
  3. Attackers steal sensitive data via several attack techniques, such as code injection, fake payment forms, URL redirection, and skimming code disguised as third-party vendor code, like Google Tag Manager, to hide the attack.
  4. Finally, the stolen data is used for fraudulent purchases or sold on the dark web.

Magecart attacks are stealthy and hard to detect, posing a serious threat to online retailers and their customers.

Impact of Magecart Attacks

Revenue loss

There are several impacts of these stealthy attacks, including:

Revenue Loss

When customers’ credit card information is stolen, trust is eroded, leading to decreased sales and a damaged reputation. The expenses related to investigating the breach, repairing systems, and paying potential fines further exacerbate financial losses.

Further Infection

A Magecart attack can spread beyond the initial breach, infecting other parts of the system and even connected websites. This prolonged period of vulnerability complicates and increases the cost of remediation efforts, intensifying the overall damage to the business.

Legal and Compliance Damages

Businesses hit by Magecart attacks may face legal action and substantial fines due to non-compliance with data protection regulations like GDPR or PCI DSS.

These legal and compliance issues can result in long-term financial and reputational damage, making recovery even more challenging.

Theft of Personal Information

Credit card details, names, and addresses are commonly stolen data. They can be used for fraudulent activities and identity theft or sold on the dark web, causing major harm to individuals and further tarnishing the business’s reputation.

How to Protect Your Business from Magecart

Software update

To avoid falling victim, you must safeguard your business from these attacks by following these steps:

Client-side Visibility

If your company relies on Content Security Policies (CSPs) that trust specific domains to execute scripts on its websites, it is not guarded against attacks delivered from those trusted sources.

To enhance security, monitor and gain visibility into all executed scripts within the browser.

Keep Software Up to Date

Up-to-date software means updated security patches, leading to more robust protection measures. Ensure that all software, from CMS to payment processing software, is regularly updated.

Understand Your Third-Party Risk

List all third-party resources on your website and evaluate the risks associated with each resource to ensure safety. Additionally, ensure vendors audit for vulnerabilities.
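The two measures above (script visibility and a third-party inventory) can be combined in one check. This is an added example, not code from Fluxgate or any vendor: it compares each loaded script against a CSP host allowlist and against a reviewed baseline of content hashes, showing that a changed file on a trusted host passes the CSP but fails the baseline. The URLs, script bodies and the `loaded` inventory format are constructed assumptions.

```javascript
const { createHash } = require('node:crypto');

// SRI-style digest ("sha384-<base64>") of a script body.
const sri = (body) =>
  'sha384-' + createHash('sha384').update(body, 'utf8').digest('base64');

// Hosts listed in script-src. Simplification for this example: exact host
// match only; keywords such as 'self', wildcards and paths are ignored.
function cspScriptHosts(csp) {
  const directive = csp.split(';').map((d) => d.trim().split(/\s+/))
    .find((d) => d[0] === 'script-src') || [];
  return directive.slice(1).filter((s) => !s.startsWith("'"))
    .map((s) => s.replace(/^https?:\/\//, ''));
}

// For each script the page loaded, report what the CSP allowlist says and
// what the reviewed baseline (url -> digest recorded at review time) says.
function auditScripts(loaded, csp, baseline) {
  const hosts = cspScriptHosts(csp);
  return loaded.map(({ url, body }) => {
    const pinned = baseline[url];
    let verdict = 'ok';
    if (!pinned) verdict = 'unreviewed';
    else if (pinned !== sri(body)) verdict = 'modified';
    return { url, cspAllows: hosts.includes(new URL(url).host), verdict };
  });
}

// Constructed sample data (hypothetical vendor hosts and script bodies).
const CSP = "default-src 'self'; script-src 'self' https://cdn.vendor.example https://tags.vendor.example";
const CLEAN_LIB = 'window.lib = { version: "1.4.2" };';
const CLEAN_TAG = 'window.tags = [];';
const BASELINE = {
  'https://cdn.vendor.example/lib.js': sri(CLEAN_LIB),
  'https://tags.vendor.example/tag.js': sri(CLEAN_TAG),
};
const LOADED = [
  { url: 'https://cdn.vendor.example/lib.js', body: CLEAN_LIB },
  // Same trusted URL, but the file content changed since it was reviewed.
  { url: 'https://tags.vendor.example/tag.js', body: CLEAN_TAG + '\n/* stand-in for injected code */' },
  // Trusted host, but a script nobody has reviewed or listed.
  { url: 'https://cdn.vendor.example/new-widget.js', body: 'window.widget = 1;' },
];

console.log(auditScripts(LOADED, CSP, BASELINE));
```

All three scripts are allowed by the CSP; only the hash baseline separates the reviewed file from the modified and the unreviewed ones.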

Examples of Magecart Victims

A man inserting his credit card info into a web

British Airways

British Airways (BA) was fined £20 million by the UK’s Information Commissioner’s Office (ICO) for a 2018 data breach that exposed the credit and debit card details of 380,000 customers.

The breach revealed major security lapses, such as storing card details and critical credentials in plain text and not requiring multi-factor authentication (MFA) for employee accounts.

Hackers exploited a Citrix vulnerability using a compromised Swissport employee account without MFA, moving from the Citrix environment to the wider BA network.

They used plain text credentials to escalate access and found unencrypted server logs with payment card details.

The Magecart group, known for stealing payment card information, planted a card skimmer on BA’s payment page.

Magento

Web skimming attacks initially emerged around 2010, and widespread attacks started in 2015. The first target was the Magento open-source e-commerce software platform.

This led to the attackers being dubbed “Magecart,” combining “Magento” with “shopping cart.”

Now, “Magecart” refers to web skimming attacks across various platforms and is used as a general term for the approximately seven cybercrime groups known to execute these attacks.

Amazon S3 Buckets

Magecart targets websites using misconfigured Amazon S3 buckets to steal credit cards and sensitive information. It particularly affects e-commerce sites through third-party JavaScript libraries.

Magecart scans for misconfigured S3 buckets and injects skimming code into the JavaScript files stored in them, which the buckets’ read/write permissions make possible.

The malicious code logs credit card details from payment forms and transfers the data to the attackers. This approach has compromised over 17,000 domains since April 2019.
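To check your own buckets for the misconfiguration described above, the following added example (not from the original article or from AWS tooling) scans an S3 bucket policy document for statements that let anonymous callers write or delete objects. The bucket name, account ID and policy are constructed. The check covers bucket policies only, so ACL grants and `NotAction`/`NotPrincipal` statements need a separate review.

```javascript
// Actions that let a caller change objects or the bucket's access rules.
const WRITE_ACTIONS = ['s3:PutObject', 's3:DeleteObject', 's3:PutObjectAcl',
  's3:PutBucketPolicy', 's3:PutBucketAcl'];

// Policy fields may hold a single value or an array.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Action patterns allow "*" and "?" wildcards and are case-insensitive.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp('^' + escaped + '$', 'i').test(action);
}

// Principal "*" or {"AWS": "*"} means anyone, including unauthenticated callers.
function isAnonymous(principal) {
  return principal === '*' || asList(principal && principal.AWS).includes('*');
}

// Return one finding per Allow statement that grants write access to anyone.
function findPublicWrite(policy) {
  const findings = [];
  for (const st of asList(policy.Statement)) {
    if (st.Effect !== 'Allow' || !isAnonymous(st.Principal)) continue;
    const writable = WRITE_ACTIONS.filter((a) =>
      asList(st.Action).some((p) => actionMatches(p, a)));
    if (writable.length) {
      findings.push({ sid: st.Sid || '(no Sid)', writable,
        conditional: Boolean(st.Condition) }); // a Condition may narrow the grant
    }
  }
  return findings;
}

// Constructed sample policy for a hypothetical bucket "example-static-assets".
const RES = 'arn:aws:s3:::example-static-assets/*';
const SAMPLE_POLICY = {
  Version: '2012-10-17',
  Statement: [
    { Sid: 'PublicRead', Effect: 'Allow', Principal: '*', Action: 's3:GetObject', Resource: RES },
    { Sid: 'LegacyUpload', Effect: 'Allow', Principal: { AWS: '*' }, Action: ['s3:Put*'], Resource: RES },
    { Sid: 'DeployRole', Effect: 'Allow', Action: 's3:*', Resource: RES,
      Principal: { AWS: 'arn:aws:iam::111122223333:role/deploy' } },
  ],
};

console.log(JSON.stringify(findPublicWrite(SAMPLE_POLICY), null, 2));
```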

Hanna Andersson

In December 2019, Hanna Andersson’s online platform was hacked, compromising customer credit card details, including names, card numbers, CVV codes, expiration dates, and addresses.

As the exact number of affected customers was unknown, Hanna Andersson notified all customers who purchased during this period. The company secured the platform in cooperation with law enforcement and payment card companies.

Frequently Asked Questions

Is Magecart still active?

Yes, Magecart remains active and continues to target e-commerce sites to steal payment data.

What is a web skimming attack?

A web skimming attack is where hackers inject malicious code into a website to capture and steal users’ payment information.

What is a web jacking attack?

A web jacking attack hijacks a real website to redirect users to a fake, malicious site for phishing or other harmful activities.

Conclusion

So, are your online transactions truly secure? The truth is that recent attacks highlight the ongoing threat from Magecart and similar cybercriminals, who target e-commerce sites to steal sensitive customer information and cause major data breaches.

Implementing robust cybersecurity measures is crucial to protecting your business and customers. Contact Fluxgate for expert assistance in defending your platform against Magecart and other cyber threats. Ensure your security and maintain customer trust!