Experts Insight On Magecart Attack

By   ISBuzz Team
Writer , Information Security Buzz | Mar 19, 2020 03:35 am PST

Researchers have uncovered a Magecart Group 8 attack against blender vendor NutriBullet that installed credit card stealing malware on the company’s website. Security experts provide insight into this attack.

Notify of
3 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Lamar Bailey
Lamar Bailey , Senior Director of Security Research
March 19, 2020 12:02 pm

Credit Card Skimmers are not just for gas pumps and ATMs. We see them on the internet pretty often since it has become harder to infiltrate a database to gain all of the credit card information. Using skimmers, attackers can intercept the card data before it is transferred and encrypted in the database and, since attackers are getting these numbers in real time, the vast majority of the cards are good to spoof. If a database is breached, a percentage of the cards are no longer valid because they have been replaced or expired, so this data stream is more reliable. Websites, especially those serving as market fronts, should be under strict change control. Any modifications should be traceable to an approved and expected change. If the modification is not, it should automatically be rolled back and an investigation should immediately take place.

It is still a major issue when trying to contact organisations to take responsibility disclose security concerns. Every site should have a contact page for security concerns!

Emailing or calling support is often very frustrating and leads to a dead-end. The front line support engineers don’t understand the gravity of the situation or have no idea how to route the concerns to the correct group. We often try to contact company leadership via email or LinkedIn but many of these attempts go unanswered because they are assumed to be SPAM or sales tactics.

Last edited 4 years ago by Lamar Bailey
Javvad Malik
Javvad Malik , Security Awareness Advocate
March 19, 2020 11:49 am

Magecart attacks continue to inject themselves into payment portals on websites, and show no signs of slowing down. It is why it\’s important for organisations to embed a culture of security so that each team takes on the responsibility not just to embed security in design and deployment – but factor in continuous security assurance so that any unauthorised changes can be quickly detected and investigated. The fact that the website has been compromised 3 times in as many weeks would indicate some underlying flaw that needs to be addressed urgently.

Last edited 4 years ago by Javvad Malik
Ameet Naik
Ameet Naik , Security Evangelist
March 19, 2020 11:37 am

Magecart attacks are reaching fever pitch with multiple attackers using a variety of techniques to compromise websites and steal credit card numbers. This data is especially valuable on the dark web since it includes all the other information needed to use a stolen credit card online, such as CVV codes, phone numbers, email addresses and ZIP codes.

This attack was persistent, with a strong foothold on the website. The attack kept streaming out the stolen data even after several takedown attempts by a third party. Businesses need to be faster to react to attacks in order to avoid negative brand impact and to ensure the protection of customer data. As most consumers are now shopping from home, keeping a safe online shopping experience is a must to businesses looking for continuity.

Last edited 4 years ago by Ameet Naik

Recent Posts

Would love your thoughts, please comment.x