bloomicon - stock.adobe.com
Savvy cyber criminals operate within this blind spot to compromise users while going unnoticed for weeks or months.
Magecart breaches are now detected hourly and cyber security companies have observed millions of instances of skimmers being used across the net. Attacks from the syndicate range from amateur to highly sophisticated actors pushing the boundaries of what Magecart can achieve. As time progresses, Magecart attacks are, as a rule, becoming more advanced.
Read more about Magecart
- Three alleged cyber criminals suspected of being associated with Magecart were arrested in Indonesia via an Interpol-assisted operation called Operation Night Fury.
- US retailer Macy’s admits some customer data was accessed by unknown actors during a week-long Magecart attack.
- Security researchers have discovered a Magecart group operating with impunity using bulletproof hosting services, including one in battle-scarred Ukraine.
Magecart operatives will carefully study the e-commerce platforms of large organisations to gain insight into their inner workings and hidden vulnerabilities.
The modus operandi is to develop custom-built skimmers in line with a targeted website’s appearance and functionality; this allows for the seamless interception of credit card data and other types of information usually off-limits to skimmers. For example, Magecart will skim information typed into online shopping profiles, in which customers save names and shipping addresses.
This enables Magecart actors to combine skimmed PII [personally identifiable information] with its corresponding financial data to create “fullz”, packages of highly valuable data to be sold on the black market. Like castles, websites will always have vulnerabilities and strongpoints; attackers simply need time to study their targets and identify where the vulnerabilities are.
Other Magecart groups have focused on third party web service organisations, whose widgets are used widely in the websites of well-known and visited brands. By compromising one of these services they effective compromise all sites that make use of that service.
As sharks are drawn to blood in the water, criminal groups will be attracted to ecosystems proven to be lucrative. For example, Magecart 4 – which previously specialised in banking malware – has turned instead to skimming attacks. This results in a concentration of talented cyber criminals drawn to this threat vector and focusing on the advancement of skimming. It no longer matters what method of online payment organisations choose to employ; given enough time, cyber criminals will find its vulnerability.
How to stave off the skimming threat
Given the dynamism and persistence of skimming threats, it’s crucial that organisations develop thorough defences to guard against a worst-case BA scenario.
Fabian Libeau is EMEA vice-president at RiskIQ.