Magecart strikes again!
Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against more than 17,000 web domains, which also include websites in the top 2,000 of Alexa rankings.
Since Magecart is neither a single group nor a specific malware instead an umbrella term given to all those cyber criminal groups and individuals who inject digital card skimmers on compromised websites, it is not necessary for every one of them to use similar techniques with the same sophistication.
A new report shared with The Hacker News prior to its release details a new supply-chain attack campaign wherein hackers are using shotgun approach instead of targeted attacks to infect a wide range of websites, preferring larger infection reach as possible over accuracy.
Almost two months ago, security researchers from RiskIQ discovered supply-chain attacks involving credit card skimmers placed on several web-based suppliers, including AdMaxim, CloudCMS, and Picreel intending to infect as many websites as possible.
However, upon continuous monitoring of their activities, researchers found that the actual scale of this campaign, which started in early April 2019, is much larger than previously reported.
Magecart Hackers Target Misconfigured Amazon S3 Buckets
“Although the attackers have had lots of success spreading their skimmer code to thousands of websites, they sacrificed targeting in favor of reach,” the researchers told The Hacker News.
“The actors used this technique to cast as wide a net as possible, but many of the compromised scripts do not load on payment pages,” the researchers say.
“However, the ease of compromise that comes from finding open S3 buckets means that even if only a fraction of their skimmer injections returns payment data, it will be worth it; they will have a substantial return on investment.”
If you read The Hacker News regularly, you may already know that hardly a week goes by without hearing about a company that left its sensitive data exposed on the Internet, and unfortunately, most of them are the one that failed to configure [1, 2] their Amazon S3 buckets properly.
Meanwhile, in a separate report released today by the Zscaler ThreatLabZ research team, researchers disclose details of a newly discovered Magecart campaign where attackers are using a sophisticated and targeted approach to steal credit and debit card details from e-commerce sites.
Magecart made headlines last year after payment card hackers conducted several high-profile attacks against major international companies including British Airways, Ticketmaster, and Newegg.
For failing to protect the personal information of around half a million of its customers during last year’s security breach, Britain’s Information Commissioner’s Office (ICO) just yesterday hit British Airways with a record fine of £183 million.