How does it work?

Step 1: Gain access to your website

According to cybersecurity researchers, this is a new type of attack wherein hackers are using a shotgun approach instead of targeted attacks.

They are trying to attack a large number of compromised Magento stores, preferring a larger infection reach over accuracy.

Step 2: Skim sensitive information from a form

Once they have gained access to the data, they will try to intercept information such as credit card numbers and CVVs from the payment form.

Step 3: Send information back to their server

If the hackers have successfully skimmed sensitive data from your site, then they can send it easily to any location on the Internet. 


Who is behind Magecart Attacks?

Yonathan Klijnsma, a threat researcher at RiskIQ who has been tracking Magecart for more than a year, published a report in which he described how the hackers work in different groups, distinguished by their mode of operation and target.

He also highlighted that Magecart is a thriving criminal underworld that has been working in the shadows for years now.

RiskIQ has coined a new term for this: “spray and pray”. It contrasts with the targeted campaigns previously linked to Magecart operations.

Who has been affected by Magecart malware?

But now they are becoming better known, with an increase in cyber attacks on giant e-commerce sites. Klijnsma also uncovered credit card skimming code placed on many third-party web suppliers, including AdMaxim, CloudCMS, and Picreel.

Even websites in the top 2,000 of the Alexa rankings, such as Ticketmaster and Newegg, were not spared.

The consumer accounts of British Airways, Vision Direct, and other such e-commerce stores were also found to have been hacked.

Britain’s Information Commissioner’s Office (ICO) fined British Airways £183 million for failing to protect the personal data of half a million of its customers last year.

What vulnerabilities does it prey upon?

Code that is developed by you and runs only on your site is called first-party code. But code that comes from other companies is called third-party code. 

Many store owners are not aware of this and integrate code from other companies. This permits the outside code to display messages to your users, exfiltrate sensitive data they enter, or even redirect them to another site.

So, when you rely on code that runs on 50 other websites, you can fall into the trap that many retailers have fallen into and that Magecart attackers prey on. A security breach anywhere is a security breach everywhere.
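
An added example (not from the original article or from RiskIQ): a Python audit of a checkout page's HTML that lists the third-party scripts described above and flags any loaded without a Subresource Integrity hash, meaning code that can change on the vendor's side without your site noticing. The page URL, HTML, and vendor hosts are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample checkout page; hosts are placeholders, not real indicators.
SAMPLE_PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<html><head>
<script src="/static/js/checkout.js"></script>
<script src="https://cdn.vendor-a.example/widget.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="//chat.vendor-b.example/loader.js"></script>
<script>var inlineConfig = {};</script>
</head><body><form id="payment"></form></body></html>
"""

class ScriptInventory(HTMLParser):
    """Collect every external <script> with its resolved host and SRI state."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if not src:
            return  # inline script: delivered with the page, no external host
        url = urljoin(self.page_url, src)  # resolves relative and // URLs
        host = urlparse(url).hostname
        self.scripts.append({
            "url": url,
            "third_party": host != self.page_host,
            "has_integrity": bool(attrs.get("integrity")),
        })

def audit(page_url, html):
    """Return third-party scripts, unpinned ones (no integrity hash) first."""
    parser = ScriptInventory(page_url)
    parser.feed(html)
    third = [s for s in parser.scripts if s["third_party"]]
    return sorted(third, key=lambda s: s["has_integrity"])

if __name__ == "__main__":
    for s in audit(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print("pinned  " if s["has_integrity"] else "UNPINNED", s["url"])
```

Run it against the rendered HTML of your own payment page; every entry in the result is code you did not write that executes next to the payment form.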

How to protect your e-commerce store from Magecart attacks?

The good news is that you can protect your sensitive data from this type of malware attack. You need to deploy technology that can monitor and protect sensitive data in real time.

ServerGuy is actively working to neutralize Magecart infrastructure to minimize the threat. You can go for our managed Magento Hosting services to ensure you don’t suffer the same fate. 

Posted by Editor