PayThink

Skimming has gone to a dangerous new level

Magecart attacks, a form of digital skimming, are among the most serious cybersecurity risks facing websites and mobile applications, and payments and financial services professionals need to be aware of them.

Magecart attackers steal credit card or bank data directly from the checkout pages on e-commerce websites and resell it on the dark web. This data is typically more valuable than data captured by physical skimmers at gas stations and ATMs because it includes billing info and CVV codes.

In November of 2019, PerimeterX researchers uncovered a new trend of multiple Magecart attacks active on a website at the same time. With the proliferation of attack tools, it is becoming increasingly easy for multiple attackers to target the same websites without necessarily coordinating with each other. This can result in payment data getting stolen by multiple parties at the same time, which further amplifies the risk of data breaches occurring from the client side and exposes e-commerce businesses to brand damage, compliance penalties and lawsuits.

For example, in one of the latest incidents, malicious code was found attempting to steal credit card information from customers making purchases on the e-commerce websites of European skincare brand Perricone MD. Though two groups were competing to steal the data on sites in the U.K., Italy, and Germany, one is believed to have successfully exfiltrated the details. The malicious code was inserted directly into the websites, most likely due to a vulnerability in the Magento e-commerce platform running on them.

Magecart attacks originally focused on Magento, the shopping engine owned by Adobe, but have since expanded to include all other major shopping cart systems, including Shopify and OpenCart.

These attacks often infect the third-party components included on most websites for services such as live chat, advertising or analytics. They also infect shopping cart plugins for WordPress, the world’s most widely used web publishing system.

While it's still early days, Magecart attackers today could be grouped into affiliated cybercriminal gangs, and with the widespread availability of attack tools, we see many more malicious actors operating independently.

As a result, companies must take steps now to continuously monitor the activities of both first- and third-party scripts on their websites in order to detect and stop these attacks in real time.