On August 28, more than 80 global e-commerce sites were reported to have been attacked by the Magecart Group. Magecart is a loosely organized attack group that has launched payment card attacks against companies such as Ticketmaster, Forbes, British Airways, and Newegg. The group typically inserts a virtual credit card skimmer (a technique also known as formjacking) into a web application (usually a shopping cart) and then steals credit card information for sale on the black market.
According to a study released by Aite Group and Arxan Technologies on Wednesday, one-quarter (25%) of the sites attacked by Magecart are “large, well-known motorsports and luxury clothing brands”. The affected sites are spread across the United States, Canada, Europe, Latin America, and Asia. All of these 80+ sites run an old version of Magento and have no tamper detection or code obfuscation.
Arxan chief scientist and research vice president said in the report that the advancement of the modern user experience has created a profitable attack surface in the web content provided through browsers and mobile phones. Any interface that accepts user input becomes the target of filtering. In addition, the widespread use of third-party components creates a supply chain that allows attackers to easily attack thousands of sites with just a few lines of code.
Published by Emerson L. Sullivan & last updated on August 30, 2019 7:14 am