Magecart Attacks Are Still Around. And They Are Becoming Stealthier

While there aren’t as many Magecart attacks as in the past, hackers are getting smarter and stealthier at finding your blind spots. That is why businesses large and small need to be aware.

Even huge companies, from British Airways to Ticketmaster, have fallen prey to Magecart in recent times. So how can you protect your company and your data?

First, it’s important to understand their tactics.

For instance, one strategy being used is to embed malicious skimmer code using an image file, like an icon. The malware mimics the icon, which a customer might click on.

It then takes them to a fake .png file in a PHP web shell script, which gives the hacker access to the compromised system and customer information. Essentially, when the customer checks out, the hacker has access to their payment information.

Other techniques include creating legitimate-looking websites to fool customers and hiding malicious skimmer code within them, as well as pooling IP addresses. This cuts down on the risk that the compromised company’s servers will be taken down. Even when the company identifies the breach, the hackers can run a hidden system process that restores the malicious skimmer code once the website has been cleaned and relaunched.

Hackers have also started to target third-party providers that companies use for payments, such as PayPal. Since many organizations use these providers to handle customer payment information, hackers see them as a huge source of fresh data to skim and steal.

Another classic example of Magecart activity? Injecting new fields into online forms. This enables the hacker to collect sensitive information. Customers don’t even realize they are visiting a compromised page and companies only find out they’ve been scammed after the damage has occurred.

Second, take steps to protect your company.

While the Magecart hackers are getting more creative, there are some simple ways you can protect your company’s data assets. This includes:

  • Install updates and fixes as soon as possible since they often contain steps to shore up any security weaknesses.
  • Have a third party complete a regular security audit of your company’s efforts to find any vulnerabilities and make recommendations for fixing them.
  • Use a Content Security Policy (CSP) header on your web store to prevent data exfiltration if your site is compromised.
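To make the CSP recommendation concrete, here is an added example (not part of the original article) that audits a CSP header for the outbound channels a skimmer relies on: script loading, background requests, image beacons and form submissions. The hostnames and both sample policies are constructed for illustration.

```python
# Added example: audit a Content-Security-Policy header for exfiltration paths.
# All policies and hostnames below are constructed sample values.

# Directives that control where a page may load code from or send data to,
# and whether each one falls back to default-src when it is missing.
EXFIL_DIRECTIVES = {
    "script-src": True,
    "connect-src": True,
    "img-src": True,
    "form-action": False,  # form-action never inherits from default-src
}
# Source expressions that match any host.
BROAD_SOURCES = {"*", "https:", "http:"}


def parse_csp(header):
    """Return {directive: [sources]}; the first occurrence of a directive wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def audit_csp(header):
    """List directives that leave an exfiltration path open."""
    policy = parse_csp(header)
    findings = []
    for directive, has_fallback in EXFIL_DIRECTIVES.items():
        sources = policy.get(directive)
        if sources is None and has_fallback:
            sources = policy.get("default-src")
        if sources is None:
            findings.append(f"{directive}: unrestricted (not set)")
            continue
        broad = sorted(BROAD_SOURCES.intersection(sources))
        if broad:
            findings.append(f"{directive}: allows {' '.join(broad)}")
    return findings


WEAK = "default-src 'self'; script-src 'self' https:; img-src *"
STRICT = ("default-src 'self'; script-src 'self' https://js.payments.example; "
          "connect-src 'self' https://api.payments.example; "
          "img-src 'self'; form-action 'self'")

if __name__ == "__main__":
    for name, header in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit_csp(header))
```

The weak policy looks restrictive because of `default-src 'self'`, yet it still lets a skimmer post card data through a form or an image request to any host.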

At Happy Faces Records Management, we make it easy. We can secure and retain data as long as you need it, keeping it out of the hands of possible threats. We can also make sure you are in compliance, streamlining records consolidation in the process. Contact us today to get started.
