In a recent wave of cyber threats, a sophisticated Magecart credit card stealing campaign has emerged, employing a strategy to exploit unsuspecting websites. This operation involves hijacking legitimate sites and transforming them into "makeshift" command and control (C2) servers.
By leveraging these compromised platforms, hackers discreetly inject and conceal skimmers on targeted eCommerce sites, perpetuating the theft of customers' sensitive credit card details and personal information during the crucial checkout process. The Magecart attack has once again highlighted the alarming vulnerability of online stores to breaches.
The campaign has reached numerous organisations across various nations: victims in the United States, the United Kingdom, Australia, Brazil, Peru, and Estonia have fallen to these pervasive compromises.
The widespread geographical scope of this attack highlights the global nature of the threat, posing a significant challenge for cybersecurity professionals worldwide.
Exploiting legitimate websites
To initiate their activities, the attackers begin by identifying susceptible legitimate websites and infiltrating them to serve as hosts for their malicious code. This strategic manoeuvre enables them to establish these compromised platforms as command and control (C2) servers, facilitating their attacks.
By leveraging reputable and unsuspecting websites to distribute credit card skimmers, the threat actors adeptly evade detection and circumvent blocks, eliminating the need to establish their own infrastructure. This method allows them to operate covertly and exploit the credibility of legitimate sites, amplifying the effectiveness of their malicious endeavours.
The attackers then inject a small JavaScript snippet into the eCommerce sites they are targeting; this snippet fetches the malicious code from the websites that were previously compromised.
It is not clear how these sites are being breached, but based on previous attacks of this kind, the attackers identify vulnerabilities in the targeted website's digital commerce platform, e.g. Shopify, WordPress or Magento. Failing this, they also look for vulnerable third-party services used by the website.
Enhancing the attack's covert nature, the threat actors have incorporated Base64 encoding to obfuscate the skimmer. This technique not only conceals the host's URL but also makes the skimmer's structure bear a striking resemblance to well-known third-party services such as Google Tag Manager or Facebook Pixel. By leveraging the familiarity and widespread usage of these popular services, the attackers elude suspicion, further heightening the covertness of their activities.
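A site owner can look for exactly this pattern in the pages served at checkout: a script reference whose hostname only appears after Base64 decoding, pointing somewhere other than the tag services the shop actually uses. The following Python check is an added example, not code from the article; the allowlisted hosts and the sample page (including its placeholder hostname) are constructed assumptions.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Hosts the shop legitimately loads tags from (deployment-specific allowlist).
ALLOWED_HOSTS = {"www.googletagmanager.com", "connect.facebook.net"}

SCRIPT_SRC = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.I)
INLINE_SCRIPT = re.compile(r"<script(?![^>]*\bsrc=)[^>]*>(.*?)</script>", re.I | re.S)
B64_LITERAL = re.compile(r'["\']([A-Za-z0-9+/]{16,}={0,2})["\']')
URL_IN_TEXT = re.compile(r"""https?://[^\s"'<>]+""")

def decoded_urls(blob):
    """Base64-decode a string literal and return any http(s) URLs it hides."""
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return []  # not valid Base64, so nothing is hidden here
    return URL_IN_TEXT.findall(text)

def suspicious_hosts(html):
    """Return (host, reason) pairs for loader hosts outside the allowlist, whether the
    host is written plainly in a <script src> or only appears after decoding Base64."""
    findings = []
    for src in SCRIPT_SRC.findall(html):
        host = urlparse(src).hostname
        if host and host not in ALLOWED_HOSTS:
            findings.append((host, "plain script src"))
    for body in INLINE_SCRIPT.findall(html):
        for literal in B64_LITERAL.findall(body):
            for url in decoded_urls(literal):
                host = urlparse(url).hostname
                if host and host not in ALLOWED_HOSTS:
                    findings.append((host, "base64-hidden loader URL"))
    return findings

# Constructed sample: a legitimate GTM tag next to an injected snippet that decodes
# its loader URL at runtime, so the hostname never appears in clear text.
HIDDEN_URL = "https://compromised-site.example/gtm.js"  # placeholder host, constructed
HIDDEN_B64 = base64.b64encode(HIDDEN_URL.encode()).decode()
SAMPLE_HTML = f"""
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-PLACEHOLDER"></script>
<script>var loader = atob("{HIDDEN_B64}");</script>
"""

if __name__ == "__main__":
    for host, reason in suspicious_hosts(SAMPLE_HTML):
        print(f"REVIEW: {host} ({reason})")
```

Run against a snapshot of the live checkout page on a schedule and diff the findings; a new host appearing in either category is what a Magecart injection looks like from the site owner's side.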
In conclusion
To shield against Magecart infections, website owners can effectively safeguard their platforms by implementing robust measures such as ensuring the proper protection of website admin accounts and promptly applying security updates for their content management systems (CMS) and plugins.
Customers using online stores can take proactive steps to mitigate the risk of data exposure. They can opt for electronic payment methods or utilise virtual cards, both of which add a layer of security. Setting charge limits on credit cards can provide an additional safety net, minimising potential losses in case of unauthorised transactions.
Implementing the Payment Card Industry Data Security Standard (PCI DSS) is of paramount importance for companies entrusted with handling credit card data. PCI DSS is a comprehensive set of security requirements designed to safeguard sensitive payment information and mitigate the risk of data breaches. By adhering to PCI DSS guidelines, companies can demonstrate their commitment to maintaining robust security practices, instilling confidence among customers and business partners alike.
Compliance with PCI DSS not only minimises the potential for financial losses, reputational damage, and legal repercussions resulting from data breaches but also helps build trust and credibility in an increasingly security-conscious digital landscape.