The ceaseless wave of attacks by threat actors, collectively known as Magecart, indicates the vulnerability of e-commerce sites and apps from a cybersecurity perspective. Research by Cyberpion revealed that companies from a variety of sectors come up short against Magecart attacks.
Diving into the details
The research investigated more than 30,000 bugs over the past two years and discovered that more than 10,000 active sites are still vulnerable to Magecart attacks. In addition, lapses were discovered in organizations revealing security vulnerabilities along their supply chains to their customers.
One of the five top organizations in various sectors—healthcare, energy, retail, and banking—was either vulnerable or exploited.
Over 1,000 e-commerce sites are vulnerable to Magecart attacks, exposing their customers to skimming.
While some exploited or vulnerable organizations have implemented anti-Magecart defenses, they can still be bypassed.
Even though vendor infrastructure makes connected firms prone to fall prey to Magecart, vendors often do not inform about it early enough.
What this implies
Failing to disclose vulnerabilities to customers puts them at risk of a breach. Web skimming has become a huge threat for shoppers and online merchants. The research highlights that most organizations are incapable of dealing with Magecart threats and identifying the vulnerabilities that hackers abuse to conduct these attacks. In the case of organizations, Magecart attacks have become a significant cause of concern as it is challenging to set up a solution at scale.
Latest Magecart instances
Costco found five payment card skimmers in four of its Chicago-based warehouses. While less than 500 customers have been affected by the breach, the attackers could have gained access to their name and card details.
A Magecart group was found hiding the malware within comment blocks and stolen credit card details into images to evade detection. While the attack was not attributed to a particular threat actor, experts surmise that this was the work of Magecart 7 due to overlapping TTPs.
The bottom line
Prevention of Magecart threats requires an ever-evolving security posture. Enterprises should identify strategies and tactics to detect injected skimmers and block the attacks proactively. While third-party risk management is a crucial step, it alone is not sufficient. Detecting and blocking malicious behavior is the key.