The Magecart attack on Macy’s was so sophisticated it was customized specifically to the store’s website and targeted not only checkout, but also digital wallets according to RiskIQ as reported by CSO.
Previous detail of our expert commenray on Macy Breach is here.
While digital skimmers have been around for years, the customized use of skimmers in attacks that target large e-commerce businesses is more recent. But what remains the same is what bad actors exploit: website design and operations processes that pay insufficient attention to insecure or unauthorized third-party code. Bad actors know they can count on many site operators to leave open the same entry points either through bad configuration, poor security measures, or both. Until businesses take third-party code risks more seriously and continually monitor third-party code to keep out unauthorized activities, these attacks will continue simply because their success is almost guaranteed.