Magecart strikes again – new research from RiskIQ

Research by RiskIQ has linked the credit-card skimming group Magecart to the breach of online electronics dealer Newegg, which has expanded into the UK market in the past year. In a blog published today, RiskIQ has revealed new research showing that the attackers were able to integrate the website’s payment system and blend in with the infrastructure, staying there between August 14th and September 18th, leading to customers having their credit card details get skimmed.

Magecart has also been linked to the theft of credit card credentials used by customers of Ticketmaster, British Airways, and most recently the Filipino broadcaster ABS-CBN this year alone.

Please find an excerpt of the blog below, and the full post here: https://www.riskiq.com/blog/labs/magecart-newegg/

“Magecart attacks are surging—RiskIQ’s automatic detections of instances of Magecart breaches pings us almost hourly. Meanwhile, we’re seeing attackers evolve and improve over time, setting their sites on breaches of large brands. While some Magecart groups still target smaller shops, the subgroup responsible for the attacks against Newegg and British Airways is particularly audacious, performing cunning, highly targeted attacks with skimmers that seamlessly integrate into their targets’ websites.

“The attack on Newegg shows that while third parties have been a problem for websites—as in the case of the Ticketmaster breach—self-hosted scripts help attackers move and evolve, in this case changing the actual payment processing pages to place their skimmer.

“We urge banks to issue new cards or added protection through OTP on cards they can correlate belonging to transactions that occurred on Newegg between August 14th and September 18th.”