Over a year ago, you likely would never have heard of the term Magecart.
Even now, you may never have heard of this term. And yet, it is a growing issue in the realm of e-commerce and cybersecurity.
Magecart is a type of cybercrime by which one’s transaction data is intercepted during the checkout process for an online shopping outlet. These attacks are also known as web skimming, digital skimming or formjacking, and they can occur anywhere you could checkout using a digital cart, including retail and restaurants carts.
If you haven’t heard, this week it was revealed that over 50,000 payment cards have been stolen from 300 restaurants since January, and are currently on sale on the Dark Web.
Web skimming is just like physical skimming: your credit card details are stolen so that other people can spend your money. However, online skimming is more effective because it’s relatively easy and cheap to do, it’s harder to detect, and it is near impossible to trace the thieves.
In short, attackers gain access to a store’s server using unpatched vulnerabilities in various popular e-commerce software. Once a store is under the control of an attacker, malware is installed that funnels live payment data to a collection server. One common example of this malware is a keylogger, which operates transparently, so customers and the merchant notice no apparent changes.
Skimmed credit cards are then sold on the dark web for $5 to $30 each and subsequently used to steal money.
The name Magecart is a portmanteau of Magento and shopping cart. Magento dominated the ecommerce landscape from 2010 to 2020, during which the whole criminal business of web skimming started. Magecart is now synonymous with web skimming and formjacking, referencing the name of its biggest victim.
The earliest Magecart attack appears to be in 2010, though the first mass-executed attack took place in 2015.
There are obvious consequences for shoppers, but even more for businesses:
- Theft of personal information: While the primary target of Magecart attacks is credit card information, attackers can also steal personal information. This can potentially affect millions of shoppers.
- Revenue loss: A small to medium-sized eCommerce retailer previously breached by Magecart may see a significant decrease in online sales. This is because customers may lose trust in the retailer’s ability to prevent another breach.
- Further infection: If a Magecart group exfiltrates user login and administrator credentials, they can potentially expand the attack to infect additional sites. For example, during the VisionDirect.co.uk breach, a Magecart group infected not only the main site but also the retail sites of seven other European countries.
- Legal and compliance damages: A Magecart attack exposes a company to lawsuits by affected customers, legal penalties if the company is subject to regulations like GDPR, and industry penalties such as a PCI DSS audit and inability to process credit cards.
While there is less that front-end users can do (ensure that the checkout page does not look suspicious and glance through a webpage’s HTML), a greater amount of the responsibility will fall on the business.
There are several key steps that any business with an e-commerce presence should take:
- Restrict access to your online instracture and implement a Zero Trust approach.
- Ensure Multi-Factor Authentication (MFA) is enabled for all users.
- Train staff in appropriate security measures (especially spearphishing).
- Regularly monitor your systems for vulnerabilities and malware.
Of course, that’s a lot of ask for a small- to medium-sized business.
If you’re interested in learning more about how to better protect your business and customers from Magecart attacks and other security risks, contact Tigunia today.
