While buying things on the Internet has steadily gotten more secure over the years, some hackers have been fighting that much harder to intercept your payment info and use it for themselves. Cybersecurity firm RiskIQ reports that a group called Magecart has just performed another such attack, this time on customer review aggregator Shopper Approved.
When RiskIQ first reported on this phenomenon in July, it said ominously, "[W]e discovered that this was not a one-off event as initially reported, but part of a massive digital credit card-skimming campaign by the threat group Magecart affecting over 800 e-commerce sites around the world." Targets have included Ticketmaster, British Airways, and Newegg.
RiskIQ's "Threat Researcher" Yonathan Klijnsma says, "Early on the morning of September 15th, RiskIQ received an incident notification regarding Magecart. Although we're notified hourly, this domain (and affected URL) caught our eye."
According to Klijnsma, this attack was particularly interesting because the hackers briefly made the mistake of pasting in all the raw programming code that executes the skim operation, rather than masking it with a technique called code obfuscation. RiskIQ captured the raw code and is doubtlessly going over it with a fine-toothed comb. It also contacted Shopper Approved to help it with remediation (the process of fixing a security breach).
Klijnsma also notes that CDNs (content delivery networks) may cause issues. With a CDN, a third party basically makes a copy of your website (with your approval) and stores it on servers at another physical location, in case your site gets hit with a level of traffic that it can't handle -- or in case the CDN can provide better geographical proximity for the site visitor, which helps with things like video streams and online gaming.
CDNs operate more or less invisibly to the user, because the URL doesn't change, only the physical location of the site's servers. And CDNs store their site copies in what's called a cache -- but these caches may not be updated frequently. If that's the case, a visitor may be served an older cached copy of your site that still contains malicious code inserted by someone else, even after the site itself has been cleaned up.
Because of this, RiskIQ recommends that affected websites clear all their CDN caches in the event of a breach like this one.
Klijnsma adds, "Word to the wise: If you own an e-commerce company, it's a best practice to remove the third-party code from your checkout pages whenever possible."
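One way to act on this advice is to inventory which outside hosts a checkout page loads scripts from. The following is an added example, not code from RiskIQ or from this article; the page, hosts and hash value are constructed placeholders, and the `integrity` attribute check goes slightly beyond what the article mentions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _ScriptCollector(HTMLParser):
    """Collects the src and integrity attributes of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)  # attribute names arrive lower-cased
            if a.get("src"):  # inline scripts have no src and are skipped
                self.scripts.append((a["src"].strip(), bool(a.get("integrity"))))


def third_party_scripts(html, page_url, first_party_hosts=()):
    """Return [(host, url, has_integrity)] for scripts served by other hosts."""
    own = {urlparse(page_url).hostname} | {h.lower() for h in first_party_hosts}
    collector = _ScriptCollector()
    collector.feed(html)
    found = []
    for src, has_integrity in collector.scripts:
        url = urljoin(page_url, src)  # resolves relative and //host/ forms
        host = urlparse(url).hostname  # hostname is returned lower-cased
        if host and host not in own:
            found.append((host, url, has_integrity))
    return found


# Constructed sample checkout page; every host here is a placeholder.
SAMPLE = """
<html><body>
<script src="/static/cart.js"></script>
<script src="//reviews.example.net/widget/seal.js"></script>
<script src="https://cdn.example.org/lib.min.js" integrity="sha384-PLACEHOLDER"></script>
<script>var inline = 1;</script>
<script SRC="https://STATIC.shop.example/pay.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for host, url, pinned in third_party_scripts(
            SAMPLE, "https://shop.example/checkout", {"static.shop.example"}):
        print(f"{host:22} integrity={pinned}  {url}")
```

Each host in the output is code running with full access to the payment form; anything that is not needed on the checkout page is a candidate for removal.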
- Cybersecurity firm RiskIQ reports that a group called Magecart has just performed a credit card skimming attack on customer review aggregator Shopper Approved.
- Thankfully, the attack appears to have been limited in scope and spotted fairly quickly. However, this is one of an increasing number of ambitious attacks on online shopping cart systems -- targets have included Ticketmaster, British Airways, and Newegg.