Magecart credit card theft campaigns: what can we do?

The Magecart hacking group, which specialises in digital credit card skimming, has been very busy for the past 3 years, and in recent months it has come into the spotlight with hundreds of thousands of credit cards compromised. Magecart aims to compromise online shops with malicious JavaScript code that collects payment card information. The attack seems quite simple (22 lines of code) but is extremely effective. It relies on web-based malicious code injected into the online payment process of e-commerce websites, either directly or through compromised third-party payment service providers used by the targets.

The group either targets the company that owns the e-commerce site directly, attacking its applications and uploading the malicious code into the site, or hacks into the company's service providers and uploads the malicious code there.

Here are the 22 lines of code that brought havoc into the world of major e-commerce services:

According to RiskIQ, 800 e-commerce sites around the world have been targeted by the Magecart group. Magecart victims include:
  • Popular computer hardware and electronics retailer Newegg. 
  • British Airways website or mobile application 
  • Feedify Push Notifications services 
  • Ticketmaster 
In the case of Feedify, the group embedded malicious code into a Feedify-hosted JavaScript library. Feedify is trusted by more than 4,000 customers around the world.

Volexity was also able to verify the presence of malicious JavaScript code limited to a page presented during the checkout process at Newegg. The compromised page would collect data and post it to the attackers' site over HTTPS to the domain

Recommendations: What can we do?

  • The implementation of strict internal security policies governing the management and maintenance of online services.
  • Continuous review, monitoring and audit of third-party service providers.
  • Continuous review, monitoring and audit of changes to web applications.
  • Continuous review, monitoring and audit of changes to files that are loaded into client browsers to collect information.
  • The deployment of privileged access management and multi-factor authentication for access to critical production systems.
  • The deployment of advanced web application firewalls that are capable of encrypting data in the browser.
  • The implementation of best practices for the protection of web applications.
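One way to put the "monitor changes to files loaded into client browsers" recommendation into practice is to keep a baseline of Subresource Integrity (SRI) hashes for every script a checkout page loads and re-check it continuously. The following is an added example written for this post, not code from the original article or from any of the companies named in it; the URLs, script bodies and the `notify.js` library are constructed placeholders.

```python
# Flag changes to JavaScript files a shop loads into customers' browsers by
# comparing each file's Subresource Integrity (SRI) hash with a recorded
# baseline: an altered third-party library or a script absent from the
# baseline (a possible injected skimmer) is reported.
import base64
import hashlib

def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """SRI-style digest ("sha384-<base64>"), the same value that goes into a
    <script integrity="..."> attribute, so the baseline doubles as SRI."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"

def audit_scripts(baseline: dict, fetched: dict) -> dict:
    """baseline: url -> SRI hash recorded at last review;
    fetched: url -> script body seen now.  Returns a status -> [urls] map."""
    report = {"ok": [], "changed": [], "unexpected": [], "missing": []}
    for url, content in fetched.items():
        expected = baseline.get(url)
        if expected is None:
            report["unexpected"].append(url)  # never approved: injected?
            continue
        algo = expected.split("-", 1)[0]
        status = "ok" if sri_hash(content, algo) == expected else "changed"
        report[status].append(url)
    report["missing"] = sorted(set(baseline) - set(fetched))
    return report

# Constructed sample data (not real sites or code): the hypothetical provider
# library notify.js has grown a form-submit hook since the baseline was taken,
# and an extra script nobody approved is now served.
CLEAN_LIB = b"window.notify = function (m) { console.log(m); };\n"
ALTERED_LIB = CLEAN_LIB + b"document.addEventListener('submit', hook);\n"
CHECKOUT = b"/* first-party checkout code */\n"
BASELINE = {
    "https://cdn.provider.example/notify.js": sri_hash(CLEAN_LIB),
    "https://shop.example/js/checkout.js": sri_hash(CHECKOUT),
}
FETCHED_TODAY = {
    "https://cdn.provider.example/notify.js": ALTERED_LIB,
    "https://shop.example/js/checkout.js": CHECKOUT,
    "https://cdn.provider.example/extra.js": b"/* unreviewed */\n",
}

if __name__ == "__main__":
    for status, urls in audit_scripts(BASELINE, FETCHED_TODAY).items():
        for url in urls:
            print(status, url)
```

In a real deployment the `fetched` map would be filled by downloading each script URL that the checkout page references, and any `changed` or `unexpected` entry would open a review ticket before the script is trusted again.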
