You keep hearing about online data skimming attacks regularly. There was the British Airways fiasco, where customers’ personal and financial information was stolen from the airline’s website and mobile application. This makes you wonder how safe your data is from data skimming malware. The latest among such threats is the one posed by Magecart. To protect your business from Magecart attacks, you need to understand the threat and how it works.
What Is Magecart?
Magecart is the name given to multiple groups of hackers working under the same name rather than a single group of hackers. The method used is to plant malicious code on websites to steal sensitive information when customers make transactions. It could be customers’ email, passwords, credit card details, or addresses.
If you have customers entering sensitive information on your website, then it is best to have a cyber-security consultant help you protect your website and your customers from such attacks.
How Does It Work?
Their malware attacks using the client-side browser to capture personal and financial data as they enter it at the time of checkout. Hackers use two methods to get this information.
The first method is by attacking the website itself, and the second method is by targeting the third-party tags on the site. The purpose is to send malicious Javascript that skims the HTML forms to collect and send data to the hackers’ website.
Magecart attacks follow an established three-step pattern. They are:
Step 1: Get access to your website either through breaking into the infrastructure and placing the skimmer, or using third-party tags on your website, which run the malicious code on your website when customers use these tags.
Step 2: The hackers will then skim your website for sensitive information. They can do this using key-logging and capturing keystrokes of sixteen numbers followed by a date pattern. They can also sniff out form submission and request for the form data, and then plant a fake version of the form on the original form to collect information.
Step 3: Once the malicious code collects this information, it gets sent back to a system controlled by the hackers.
How Long Have They Been Active?
The first known attack was detected in 2015, even though they were active even before that. The notorious group was flying under the radar for a long time and had infected at least 800 e-commerce sites. It was their attack on the Ticketmaster in the UK that brought them into the limelight. They were later linked to the British Airways breach, which affected 380,000 consumers.
How Can Companies Address This Threat?
Since most of the attacks are though third-party tags, it becomes difficult to detect them even if you have regular audits. A more plausible solution is to block access to any sensitive information by default. This includes information on web forms and cookies. This information is shared on a need to know basis with vetted scripts.
How Can I Protect My Information?
The first step towards protecting your information is by using high levels of security. The next step is to keep close tabs on the payment portals you use for credit cards. Use payment systems that generate a unique code for each transaction that cannot be reused.
So, there you have it. The ugly truth about Magecart and the constant threat it poses to millions of people. By making some strategic security changes, you can stop attackers from destroying your brand. If you are a consumer, you must use reputed e-commerce portals and keep a close watch on your credit card transactions. Using other payment systems that generate one-time unique codes is a good idea to avoid being a victim of such cyber-crimes.
