Magecart attack has become one of the biggest threats e-commerce businesses are facing. It uses the same techniques as a POS skimmer would do at a physical cash register, cyber criminal launching a Magecart attack would try to insert a malicious script into servers responsible for handling your payment. This way, they were able to get access to your customer data when a customer type it on your e-commerce site.
The worst part about these attacks is that both the customer and e-commerce business are unaware of it. Hackers can not only insert the script silently but also flee away by stealing sensitive customer data without leaving any trace. In 2019, we saw an exponential rise in these Magecart attacks targeting businesses and sadly, this trend will continue in the future as well.
We have already witnessed large scale Magecart attacks targeting British Airways, TicketMaster and NewsEgg and if e-commerce businesses don’t take any measures to protect themselves from such attacks, we will see many other joins this list. In order to mitigate the risk of these Magecart attacks, E-commerce businesses should know how to identify a Magecart attack.
In this article, you will learn about seven warning signs that Magecart attacks are here to stay.
Unexpected Targets
Just because you are operating in a niche market does not mean that you are safe. Kitchen appliance maker OXO found this firsthand. Magecart attack targeted OXO way back in 2017 and continued till 2018. Customers are informed about the data breach in January 2019. Cyber criminals was successfully able to inject malicious scripts in OXO’s checkout page and got away by stealing customer data.
Servers Are at A Risk
According to Verizon Data Breach Investigation Report 2019, hackers are using Magecart attacks in order to launch server attacks, where chip enabled credit cards are the norm. This is happening because we have reached a point where the parity between payments made using web app servers and without it has diminished.
There are two main categories of these server attacks:
- Constant delivery network attacks
- Server takeover
A major chunk of these attacks results in server compromise. It can be a warning sign for businesses. This means that even if you have the best dedicated servers, you still must take security measures to protect it from Magecart attacks.
Web Supply Chain Attacks
William D Groot, who is a researcher found Magecart is targeting marketing software is at the core of web supply chain. Magecart skimmers will look to target payment gateways, which are used by E-commerce businesses to process payments. Instead of hitting a single target, hackers are targeting dozens of websites in order to find few lucrative ones.
Here is how you can prevent web supply chain attacks.
- Use intrusion detection systems
- Patch management
- Keep an eye out for third party attacks and third party vendors
- Ensure the software is safe before installing it
Leveraging Existing Platforms
A shocking discovery came when MalwareBytes report found that Magecart skimmers are leveraging code repository site GitHub. They are using the malicious hex encoded scripts from GitHub to target E-commerce websites. The popularity of GitHub amongst developers make it easy for hackers to host or extract malicious code from sites like GitHub and no one would look at them with suspicion either. Even though, GitHub removed the malicious account found guilty of serving up skimming scripts, but it happened after the matter came to media attention.
Large Publications are not spared
Forbes magazine subscription website became a target for Magecart attacks recently. Attackers injected malicious JavaScript code into website’s HTML code to steal user’s critical information. Even the likes of Forbes could not believe how skimmers are able to steal customer information and advised its print subscribers to keep an eye on these types of attacks and other fraudulent activities taking place. This is only a single example and we can see Magecart attacks targeting and infecting other popular publications in the future as well.
Going Beyond Magento
Did you know where does Magecart got its name from? The word “Mage” in its name came from frequent attacks on websites powered by Magento. Magecart attacks might have its roots in Magento but it is expanding well beyond the platform. Today, Magecart attacks are targeting thousands of third-party payment platforms that has nothing to do with Magento.
Most active groups of Magecart skimmers are targeting OpenCart and OSCommerce. With its attack surface widening and complexity increase, Magecart can become a big threat for businesses around the globe. If you are prepared for it, you can cope up with it but if you are not, you will struggle against it. This means that business should act proactively.
Lookalike Galore
Magecart is not the only form of attack. It has led to the creation of new types of malware. One of the best examples in this regard is of JavaScript sniffer. They might look a lot like Magecart but differs slightly in terms of volume. We might see lookalike attacks increase in coming months. Researchers predict that there are more than 30 different types of JavaScript sniffers present in the wild, which are trying to target E-commerce website checkout pages and steal payment data. Lack of research on these types of attacks are making it easy for sniffers to achieve their goals as businesses are unaware of it.
Conclusion
With almost every business accepting online payments, the risk Magecart attacks post is huge. No business can mark themselves safe irrespective of how big or small they are or in which industry they operate in. If they are dealing with online payment, they can come under attack. It’s ability to work in the background without getting spotted makes them even more lethal. Secure your checkout page as it is more likely to be targeted by skimmers.
How do you protect your Ecommerce business from Magecart attack? Let us know in the comments section below.