As Summer ‘21 comes to an end, let’s take a look at some victims of these Magecart or Magecart-style attacks and learn how to prepare for the holiday shopping season that is rapidly approaching. According to research group Gemini Advisory, at least 10 client-side attacks took place in just June, July, and August. These attacks, while running on various sites, managed to skim approximately 38,000 payment cards.
June ‘21
Looking at June of 2021, we find four notable client-side attacks on a variety of ecommerce sites. These attacks, while small in size, show that client-side vulnerabilities are being exploited wherever they are found. The known sites are listed below:
July ‘21
In July of 2021, we know of three attack discoveries and disclosures. They are listed below.
One of these, the attack on Savory Spice, was active for three years before investigations were completed. According to the breach notification letter, the attack was active from April 2018 until March 2021. More troubling than the three-year attack time frame is that the company learned of the Magecart attack in October 2020 but took over five months to remedy the issue (March 2021) and another three months to complete the investigation (July 2021). This timeline, if anything, proves that relying on detection tools, scanning tools, or other non-preventative measures may give years of life to an attack that can be prevented with the right solution.
August ‘21
The month of August has seen a variety of attacks, from your standard Magecart skimming to pre-packaged scripts bought on the dark web. Below are the three attacks currently disclosed in August.
Billar
The next attack in August to pay attention to is from Cornhole Antics. As of this writing, this site is still infected with a pre-packaged Magecart attack authored by “Billar” and sold on the dark web for $3000. This attack package includes:
- A unique way of receiving, implementing, and executing malware code
- Cross-browser obfuscated data transfer
- MaxMind GeoIP integration
- An admin panel that possesses enhanced security to defeat brute-force and DDoS attacks
- 24/7 support and flexibility for any customers’ needs
The pre-packaged attack uses the advanced technique of hiding code in an image, specifically the favicon. This technique is known and can even be blocked by antivirus software such as Norton.
In this Summer of Magecart, both new and old techniques have made themselves available to attackers looking to pocket some quick coin, both physical and digital. With around 38,000 cards known to be compromised by attacks disclosed this summer, over $300,000 worth of payment card information is available on the dark web.
Solutions which only detect and scan for these attacks cost your business money, time, and brand damage. Source Defense’s real-time prevention technology stops these attacks from succeeding, allowing your business to stay on track and on target. Click here for a demo of the Source Defense solution in hopes that we soon see the “Fall” of Magecart.
Correction, 9/7/21: This post has been updated to remove a reference to infections involving Coinhive malware, which were reported erroneously in other sources and cited here. Source Defense regrets the error.