11 Jun 2020

FBI’s Warning for Magecart Attacks and How to Prevent Digital Fraud

Ashli Lopp | News

As online shopping has gained popularity over the past decade, open source e-commerce platforms have given rise to new underground criminal activity.

Open Source E-Commerce

Magento, an Adobe company, has been evolving since 2007 and has been bought and sold by four major developers. As an open source company, Magento has made its source code public, allowing anyone to modify, inspect, or enhance the program. Open source platforms allow an influx of ideas and business goals, which can speed innovation. Typically, speed should not be the first priority for any business model, especially when security protocols can be lost or overlooked.

Programmers who have access to a computer program’s source code can improve that program by adding features to it or fixing parts, without restrictions. Open source platforms also allow cyber actors to gain knowledge about the weaknesses of the software. With public access to the source code, cyber criminals can manipulate online shopping websites using e-skimmers.

 

Early Vulnerabilities for Magento

Magento has had exposed vulnerabilities in its early stages and has since tried to defend against Magecart attacks. In a detailed article, the FBI warns that Magento e-commerce stores have been under attack by Magecart groups, which introduce JavaScript code (an e-skimmer) into the stores’ websites that steals your personal information while you fill out payment information. When personally identifiable information (PII) is extracted during checkout, your credit card information is stolen, stored and sold by cyber criminals. Here is an expansive list, provided by the FBI, of the top ten vulnerabilities and technical details.

According to an article by Virus Bulletin, in 2014 a criminal group pioneered the new age of digital credit card theft using the browser as its attack vector. Magecart web-skimmers are officially the next evolution of online card theft and created an entirely new underground economy not only for the sales of stolen credit card data but also for pre-built, out-of-the-box skimmers and compromised websites as a service.

 

Underground Economy

Online consumers are at risk of having their credit card information redirected to a third-party website that cyber actors ultimately control. Once a cybercriminal has attached the JavaScript code (e-skimmer) using HTTP GET requests, they can redirect the website to themselves and store your credit card information for later use. After the hackers have sniffed out your personal information, it can be sold or used to purchase merchandise. Underground communities and marketplaces selling access to compromised websites are increasingly popular in the cybercriminal ecosystem.

 

Protecting Your Business and Your Consumers

Online business owners should be conscientious about their website’s security and have their consumers’ safety as a top priority. Open source platforms have been compromised for the past ten years, and since then e-skimming has gained the ability to move across all platforms.

Here is a list of strategies to protect your online consumers:

  • Update and patch all systems with the latest security software. Anti-virus and anti-malware need to be up-to-date and firewalls strong.
  • Change default login credentials on all systems.
  • Educate employees about safe cyber practices. Most importantly, do not click on links or unexpected attachments in messages.
  • Segregate and segment network systems to limit how easily cyber criminals can move from one to another.
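
As an added example (not taken from the FBI advisory or from this article), the Node.js check below lists the script tags on a checkout page that load from hosts outside a reviewed allowlist, which is one way the injected e-skimmer described above can show up, and flags allowlisted cross-origin scripts that lack a Subresource Integrity attribute. The hostnames, the sample markup and the function name `auditScripts` are assumptions made for illustration.

```javascript
// Constructed sample: checkout markup in which the last script tag is unexpected.
const SAMPLE_CHECKOUT_HTML = `
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdn.shop.example/lib/validate.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://payments.example/v2/widget.js"></script>
<script src='//stats-collector.example/a.js'></script>
</head><body><form id="payment"></form></body></html>`;

// Assumption: hosts the store owner has reviewed for the checkout page.
const ALLOWED_HOSTS = new Set(["shop.example", "cdn.shop.example", "payments.example"]);

// Returns one finding per external script that needs attention.
// Uses a regex over opening <script> tags, which is enough for an audit
// of server-rendered markup; it does not see scripts added at runtime.
function auditScripts(html, pageUrl, allowedHosts) {
  const pageHost = new URL(pageUrl).hostname;
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (!src) continue; // inline script: outside the scope of this check
    const raw = src[1] ?? src[2] ?? src[3];
    let host;
    try {
      // Resolves relative and protocol-relative URLs against the page URL.
      host = new URL(raw, pageUrl).hostname.toLowerCase();
    } catch {
      findings.push({ issue: "unparseable-src", src: raw });
      continue;
    }
    if (!allowedHosts.has(host)) {
      findings.push({ issue: "unexpected-host", src: raw, host });
    } else if (host !== pageHost && !/(?:^|\s)integrity\s*=/i.test(attrs)) {
      // Allowed third party, but a changed file would still be executed.
      findings.push({ issue: "missing-integrity", src: raw, host });
    }
  }
  return findings;
}

console.log(auditScripts(SAMPLE_CHECKOUT_HTML, "https://shop.example/checkout", ALLOWED_HOSTS));
```

Running the same check on a schedule and comparing the findings with the previous run turns a newly added script host into an alert.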

 

Consumer Quick Tips

As we navigate online shopping, consumers are equally responsible for understanding the safety of their online purchases.  E-skimming is becoming more prevalent and has created an enormous risk for online shoppers.

The increase in stolen PII is exponential. Understanding the importance of credential security, using alternative payment options and avoiding dangerous site links can help to protect your PII.
