Expert Insight: Magecart Attack On Macy’s Was Customized

The Magecart attack on Macy’s was so sophisticated it was customized specifically to the store’s website and targeted not only checkout, but also digital wallets according to RiskIQ as reported by CSO.

Previous detail of our expert commenray on Macy Breach is here.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Mike Bittner
Mike Bittner , Associate Director of Digital Security and Operations
InfoSec Expert
December 20, 2019 8:45 pm

While digital skimmers have been around for years, the customized use of skimmers in attacks that target large e-commerce businesses is more recent. But what remains the same is what bad actors exploit: website design and operations processes that pay insufficient attention to insecure or unauthorized third-party code. Bad actors know they can count on many site operators to leave open the same entry points either through bad configuration, poor security measures, or both. Until businesses take third-party code risks more seriously and continually monitor third-party code to keep out unauthorized activities, these attacks will continue simply because their success is almost guaranteed.

Last edited 2 years ago by Mike Bittner
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x