A new Magecart attack aimed at French advertising agency Adverline, has been discovered by RiskIQ. This new Magecart attack steals customer credit card details by compromising a content delivery network for ads so that any website loading the script from the ad agency’s ad tag would also be loading the digital skimmer at the same time.
Experts Comments below:
Mike Bittner, Digital Security and Operations Manager at The Media Trust:
“This new malware strain is just one more indication of how sophisticated and organized bad actors have become. It has not only affected the French ad agency, but at least two large digital ad technology vendors, who saw a malicious domain pop up in their payment pages, but were able to thwart the infection by continuously monitoring their digital ecosystem for unauthorized code and terminating the malware at its source. Other players along the supply chain should be just as vigilant, especially retail sites at the receiving end of infected ads and whose users will inevitably be affected. If EU consumer information is stolen, affected companies could face GDPR fines.”
Matan Or-El, Co-Founder and CEO at Panorays:
“This new attack underscores the need for enterprises to constantly assess and manage the risk from third parties and the supply chain. A crucial tool for enterprises would be a system that automates this process and shines the light on those vendors and partners who pose the biggest threat to an enterprise data.”