What are Magecart attacks and how can they affect a company?

Some of the world’s largest companies are failing to prevent Magecart attacks, according to new research. But what exactly is a Magecart attack?

Magecart is a rapidly growing form of cybercrime: an umbrella term for dozens of subgroups that specialise in digital credit card theft by skimming online payment forms.

It is a style of cyberattack in which attackers compromise third-party code (typically JavaScript that runs in the browser) to steal, or scrape, information such as credit card data from web applications (e.g. online checkout software) or websites that incorporate the code. Web skimming continues to be a real threat to online merchants and shoppers, with attacks severely impacting organisations including British Airways and Ticketmaster in 2018, Forbes magazine in 2019, and local US government portals and the messaging service Telegram in 2020.

Magecart works by operatives gaining access to websites either directly or via third-party services and injecting malicious JavaScript that steals data shoppers enter into online payment forms, typically on checkout pages.

Magecart operatives breach sites either directly or via supply chain attacks, which target the third parties that supply code to websites. Because a single supplier’s code is integrated into thousands of websites, compromising that supplier effectively breaches thousands of sites at once.


Some of the world’s largest companies are at risk

Cyberpion, a cybersecurity pioneer in external attack surface management (EASM), revealed that some of the world’s largest companies across retail, banking, healthcare, energy and many other sectors, including Fortune 500 and Global 500 companies and governments, are failing to prevent Magecart attacks.

The research analysed more than 30,000 Magecart vulnerabilities over the last two years and found weaknesses in the security platforms and processes used to identify and mitigate Magecart exploits. More than 10,000 of those Magecart vulnerabilities are still active.

There were also lapses in enterprises disclosing security vulnerabilities or exploits occurring along their digital supply chains to their customers, ultimately placing all connected organisations at severe risk of a critical breach.


What did the research find? 

Highlights from the research include: 

  • At least one of the top five enterprises in many verticals—retail, insurance, financial services, pharma, media, security and others—was found to be vulnerable or abused.
  • More than 1,000 online shops are vulnerable, exposing their customers to skimming. Some of the most popular international newspapers were found to be vulnerable, often via their home page.
  • Lesson not learnt: the exact vulnerability that led to Magecart’s data breach of British Airways could easily be replicated on the sites of other global aviation companies, despite being a simple fix.
  • Some vulnerable or abused companies do use anti-Magecart solutions, but these could be bypassed.
  • Vendor infrastructure exposes many other connected organisations to Magecart, yet vendors often fail to inform them early enough for them to take preventive action. In one case, a leading online advertising network affected 15 global insurance brands alongside hundreds of other enterprises.

“Our conclusion from the analysis is that as of today, organisations fail to face Magecart threats and detect the vulnerabilities and exploits that hackers leverage to conduct these attacks,” said Cyberpion CEO Nethanel Gelernter. “Victims are often the last to know, as it’s only later that organisations find that their data was sold or exploited, with the problem extending beyond any single vendor or client relationship. For enterprises in particular, Magecart attacks pose a significant challenge because it is problematic to set up a solution at scale.”
