by Source Defense
A new report on payment card fraud shows that Magecart e-skimmers infected nearly 10,000 unique eCommerce domains at some point during 2022.
According to the Annual Payment Fraud Intelligence Report by Recorded Future, nearly 60 million compromised payment card records were posted for sale on dark web platforms in 2022, of which 45.6 million were classified as card-not-present (CNP)—meaning they were harvested during an online eCommerce transaction.
“Magecart actors launched campaigns that employed fake payment card forms, exploited legitimate merchant web infrastructure to deploy e-skimmers, and used HTTP referer headers to impede remediation by security analysts,” the report states. “One of these campaigns led to the compromise of 2 online ordering platforms, a trending tactic that exposes merchants who use the platforms to the risk of being compromised.”
The Recorded Future® Magecart Overwatch program discovered 1,520 unique malicious domains involved in the infections of 9,290 e-commerce domains at any point in 2022. Of these, 2,468 eCommerce domains remained actively infected at the close of 2022. This should come as no surprise, as many of the most high-profile Magecart attacks went undetected for months and years.
New Attack Vector Discovered
- HTTP referrer headers were present; and
- Their value reflected the infected eCommerce websites.
According to the report, this technique was likely designed to impede security analysts during remediation efforts.
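A check an analyst can run when a suspected script URL looks clean on direct retrieval, given here as an added example that is not code from the report or from Source Defense: it requests the same URL with no Referer, an unrelated Referer and the merchant page as Referer, then compares the responses. It assumes the two conditions listed above decide what a host returns; `http_fetch`, `referer_probe`, `constructed_fetch` and the `.example` URLs are hypothetical names, and the sample responses are constructed.

```python
import hashlib
import urllib.error
import urllib.request

def http_fetch(url, referer=None, timeout=10):
    """Fetch url, optionally with a Referer header; return (status, body)."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def referer_probe(script_url, merchant_url, fetch=http_fetch):
    """Compare responses for script_url across three Referer variants.

    Each variant is fetched twice so that content which changes on every
    request is reported as unstable instead of as Referer-dependent.
    """
    variants = {"none": None,
                "unrelated": "https://unrelated.example/",  # assumed placeholder
                "merchant": merchant_url}
    seen, stable = {}, True
    for name, referer in variants.items():
        first, second = (fetch(script_url, referer=referer) for _ in range(2))
        stable = stable and first == second
        seen[name] = (first[0], hashlib.sha256(first[1]).hexdigest())
    merchant_only = (stable and seen["none"] == seen["unrelated"]
                     and seen["merchant"] != seen["none"])
    return {"stable": stable, "merchant_only": merchant_only, "responses": seen}

def constructed_fetch(url, referer=None):
    """Constructed stand-in for a host whose answer depends on the Referer."""
    if referer and referer.startswith("https://shop.example/"):
        return 200, b"/* constructed body, served to the merchant Referer */"
    return 404, b""

if __name__ == "__main__":
    report = referer_probe("https://cdn.example/lib.js",
                           "https://shop.example/checkout",
                           fetch=constructed_fetch)
    for name, (status, digest) in report["responses"].items():
        print(f"{name:10} {status} {digest[:16]}")
    print("differs only for merchant Referer:", report["merchant_only"])
```

A `merchant_only` result of `True` means a direct fetch is not a reliable way to confirm the script is clean; capture it from a browser session on the merchant page instead.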
Hackers continued to exploit Google Tag Manager (GTM) containers during 2022. GTM is a legitimate web service used for marketing, collecting website usage metrics, and tracking customer online behavior. Researchers discovered a total of 891 eCommerce domains that were infected by these Magecart variants.
Top Breaches in 2022
The highest impact compromises in 2022 targeted outsourced online ordering solutions for restaurants and ticketing services, according to the report.
- MenuDrive and Harbortouch, both of which are online ordering platforms for restaurants, were targeted by a single Magecart campaign that resulted in e-skimmer infections for 154 restaurants.
- InTouchPOS, an online ordering platform, was targeted with a Magecart attack that resulted in e-skimmer infections of 157 restaurants.
- Core Cashless, an online ticketing platform used by amusement parks, suffered a client-side attack that exposed payment card transactions from 45 amusement parks.
One of the main reasons for the consistent use of Magecart e-skimmer attacks is the predictable results that hackers can expect. In 2022, for example, the average website targeted by this attack served 5,215 monthly visitors with a conversion rate of 2.5% to 3%.
“If threat actors collect between 130 and 160 cards per month from each of their infected websites and then sell them at an average price of $15 per compromised card, they could easily earn between $1,950 and $2,400 per month per infected website,” the report states. “This enables them to amass substantial criminal profits without sinking time and effort into fraudulent monetization.”
Make Magecart Attacks a Thing of the Past
This is as close to ‘set it and forget it’ security and data privacy as you will see on the market.
Cybersecurity analysts can rest easy at night — and engage in valuable activities during the workday — knowing that a critical portion of their job is being efficiently and automatically managed. Ultimately, the Source Defense platform offers a simple way to manage the 3rd party risk in your digital supply chain and prevent attacks from the client side.
Waiting to act is simply waiting to be attacked. Visibility is the first and most important part of any risk mitigation program. Source Defense is ready to provide you with a free website risk analysis within the next few days. Get moving with the Source Defense team to close off this open gap in your eCommerce security.
PCI DSS 4.0 makes client-side security a priority.
Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.