By Source Defense
In 2022, a staggering 60 million payment card records were put up for sale on the dark web. Of these, 45.6 million were obtained through card-not-present transactions, meaning they were stolen during online purchases.
The notorious group known as Magecart employs various tactics to carry out their campaigns. They use fake payment card forms, exploit legitimate merchant websites to deploy e-skimmers, and cleverly use HTTP referer headers to impede security analysts from finding solutions. One of their tactics involves compromising online ordering platforms, putting merchants who use these platforms at risk.
Magecart, also known as Digital Skimming, targets checkout pages to gather payment information, which is then sent to the attackers’ remote computer. They achieve this by infiltrating third- and fourth-party Javascript code commonly used by websites for functions like shopping carts, forms, analytics, advertising, and social sharing.
Throughout 2022, the Recorded Future® Magecart Overwatch program discovered 1,520 malicious domains involved in infecting 9,290 e-commerce websites at some point. By the end of the year, 2,468 of these websites were still actively infected. This should come as no surprise, as many high-profile Magecart attacks went undetected for months or even years.
How to Stop Magecart Attacks
If you want to know how to stop Magecart attacks cold in their tracks, you first need to understand what makes them tick.
Start With The Browser
In the browser, client-side processes are almost always written in JavaScript. According to our team’s latest intelligence, there are more than 1.7 billion public-facing websites worldwide, and JavaScript is used on 95% of them. Frontend JavaScript code has grown in size by more than 347% for desktop and more than 593% for mobile during the last 8 years and keeps growing.
And therein lies the structural security issue that poses one of the biggest threats to your most critical business channels—protecting your customer data at the point of entry. Javascript is used by all of your 3rd party digital suppliers, including payment card processors, advertising networks, social sharing services, analytics, and more, and it sits outside your security perimeter and is vulnerable to a wide range of attacks.
This code is downloaded dynamically from a remote server, bypassing the traditional security infrastructure, including the website owner’s firewalls and web application firewalls (WAFs). Third-party and fourth-party scripts have an identical level of control as the website owner’s own script. Every script on the page, no matter its origin, has access and authorship capability, meaning it can change the webpage, access all information (including forms), and even record keystrokes and save them.
Most organizations have limited means to dynamically detect any changes to these 3rd party scripts and no means of using server-side security solutions to prevent them from exfiltrating data or executing other malicious activity from the customer’s browser.
Source Defense Stops Magecart Attacks
The Source Defense Client-Side Web Application Security Platform is a powerful system designed to protect against Magecart/eSkimming attacks. With our innovative technology, client-side threats are immediately halted without any effort from your teams. Source Defense employs advanced techniques like real-time JavaScript sandboxing and isolation to prevent attacks, eliminating the need for manual response from analysts.
By employing real-time JavaScript sandboxing, we create virtual pages that isolate third-party scripts from your website. These virtual pages closely mimic the originals while keeping sensitive information hidden from unauthorized parties. We actively monitor third-party script activities on these virtual pages. If the activity is allowed, we seamlessly transfer it to the original page. If it violates your security policy, we keep it isolated and promptly notify you, protecting your site from potential breaches.
Achieve unparalleled peace of mind with our ‘set it and forget it’ security and data privacy solution. Source Defense meets the core requirements of PCI DSS 4.0 under sections 6.4.3 and 11.6.1, ensuring your compliance.
No more restless nights for cybersecurity analysts. Our platform efficiently and automatically manages a critical aspect of their job, allowing them to focus on other valuable activities during the workday.
Gain complete visibility into potential risks with our free website risk analysis. The Source Defense team is ready to help close the gap in your eCommerce security. Act now and protect your business.