Hacker groups that engage in web skimming (also known as Magecart) attacks have breached the web stores of two of the world’s biggest retail chains — accessories store Claire’s and sporting goods retailer Intersport. According to reports published today by security firms Sanguine Security and ESET, hackers breached the two companies’ websites and hid malicious code that would record payment card details entered in checkout forms.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
There are several prevention techniques for Magecart attacks, and of course the attacks constantly evolve. Depending on the size and sophistication of a website, prevention can become very difficult. Deploying a File Integrity Monitoring (FIM) solution on the retailer’s website that detects changes to hosted content/files is a good place to start; however, that doesn’t help if the site relies on third party code for hosted features (such as chat windows, shopping carts, etc). If your site relies on code from a third party that’s been infected, the result is the same.
Data skimming attacks like these underscore the need for online shoppers to remain ever vigilant. I strongly recommend all online shoppers to pay close attention to their monthly statements, monitoring them for suspicious charges. Users should also set up alerts on their credit and debit cards when available, and invest in credit monitoring, which will alert you to skimming incidents like these, as well as more traditional data breaches.
Web skimming attacks like these are particularly effective because victims have no way of knowing that the store pages are infected. Unlike phishing attacks or malware targeting end users, card skimming attacks often can\’t be detected and leave no trace of evidence on the victim\’s device. From a customer\’s perspective, the checkout process looks and functions like it would if it were not infected. Only the website operator can remove Magecart malware. For the attacker, web skimming has the added benefit of ensuring that all of the stolen customer data is valid and up to date, which is often not the case with data breaches in which stolen information can be months or years old.