Experts On New Grelos Skimmer Variant Reveals Overlap in Magecart Activities

Researchers have uncovered a new Grelos skimmer, which demonstrates increased overlaps in Magecart infrastructure and groups making it difficult to separate various campaigns and their collaboration work.

Experts Comments

November 20, 2020
Mark Bower
Senior Vice President
comforte AG
The shift to increasingly online merchant transformation as a result of the pandemic combined with consumers embracing potentially new retailers for out-of-stock items as we enter the holiday season creates the dual-edge sword of retail business growth and increased attack opportunity for criminal groups. The online retail industry can expect to see increasingly obfuscated variants of the magecart skimmers that steal data on web form entry along with more deeply penetrating malware and.....Read More
The shift to increasingly online merchant transformation as a result of the pandemic combined with consumers embracing potentially new retailers for out-of-stock items as we enter the holiday season creates the dual-edge sword of retail business growth and increased attack opportunity for criminal groups. The online retail industry can expect to see increasingly obfuscated variants of the magecart skimmers that steal data on web form entry along with more deeply penetrating malware and ransomware to attack and disrupt the merchant data supply-chain to steal PII, financial, and credit card data. The solution has to be the one-two punch of integrity checking on web sites on a continuous basis to knock out rogue javascript injection, and end to end data protection beyond the web front-end using proven technology including tokenization to render sensitive data useless at the earliest capture point. This potent combination will mitigate these threats and disrupt the attackers own theft-to-darkweb retail business.  Read Less
November 20, 2020
Ameet Naik
Security Evangelist
PerimeterX
One of our predictions for 2021 is that cybercriminal communities will get stronger. The findings about the Grelos skimmer are indicative of the overlap and collaboration between underground communities sharing tools and knowledge. Earlier this year, PerimeterX researchers uncovered Magecart gangs offering skimming-as-a-service toolkits such as Inter, as well as multiple magecart attacks operating on websites simultaneously. It is no longer feasible or useful to identity specific groups given.....Read More
One of our predictions for 2021 is that cybercriminal communities will get stronger. The findings about the Grelos skimmer are indicative of the overlap and collaboration between underground communities sharing tools and knowledge. Earlier this year, PerimeterX researchers uncovered Magecart gangs offering skimming-as-a-service toolkits such as Inter, as well as multiple magecart attacks operating on websites simultaneously. It is no longer feasible or useful to identity specific groups given the extent of the overlap behind the scenes. Website owners must continue to protect their sites and their users’ data by securing their applications and using runtime client-side security solutions. Consumers shopping online must continue to be vigilant about credit card theft and regularly monitor their credit reports.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.