Experts On New Grelos Skimmer Variant Reveals Overlap in Magecart Activities

By   ISBuzz Team
Writer , Information Security Buzz | Nov 20, 2020 02:56 am PST

Researchers have uncovered a new Grelos skimmer, which demonstrates increased overlaps in Magecart infrastructure and groups making it difficult to separate various campaigns and their collaboration work.

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Mark Bower
Mark Bower , Senior Vice President
InfoSec Expert
November 20, 2020 11:09 am

The shift to increasingly online merchant transformation as a result of the pandemic combined with consumers embracing potentially new retailers for out-of-stock items as we enter the holiday season creates the dual-edge sword of retail business growth and increased attack opportunity for criminal groups.

The online retail industry can expect to see increasingly obfuscated variants of the magecart skimmers that steal data on web form entry along with more deeply penetrating malware and ransomware to attack and disrupt the merchant data supply-chain to steal PII, financial, and credit card data.

The solution has to be the one-two punch of integrity checking on web sites on a continuous basis to knock out rogue javascript injection, and end to end data protection beyond the web front-end using proven technology including tokenization to render sensitive data useless at the earliest capture point. This potent combination will mitigate these threats and disrupt the attackers own theft-to-darkweb retail business.

Last edited 2 years ago by Mark Bower
Ameet Naik
Ameet Naik , Security Evangelist
InfoSec Expert
November 20, 2020 10:58 am

One of our predictions for 2021 is that cybercriminal communities will get stronger. The findings about the Grelos skimmer are indicative of the overlap and collaboration between underground communities sharing tools and knowledge. Earlier this year, PerimeterX researchers uncovered Magecart gangs offering skimming-as-a-service toolkits such as Inter, as well as multiple magecart attacks operating on websites simultaneously. It is no longer feasible or useful to identity specific groups given the extent of the overlap behind the scenes.

Website owners must continue to protect their sites and their users’ data by securing their applications and using runtime client-side security solutions. Consumers shopping online must continue to be vigilant about credit card theft and regularly monitor their credit reports.

Last edited 2 years ago by Ameet Naik

Recent Posts

Would love your thoughts, please comment.x