Magecart Attacks Hit Hundreds Of US Restaurants

Uploaded on 2022-07-26 in NEWS-Cybersecurity News, FREE TO VIEW

Security researchers have found two separate Magecart campaigns that are targeting online ordering platforms in the US. These campaigns are designed for financial gain using Magecart e-skimming software  which enable criminals to exfiltrate payments card details. The attacks have affected at least 311 US restaurants by injecting the software into three platforms - MenuDrive, HarborTouch, and InTouchPOS - all popular domains that host restaurant websites. 

According to Recorded Future, some of those restaurants remain infected and the malicious domains remain active.

As many as 50,000 payment cards have already been identified on the Dark Web as originating from this campaign, and many more may have been exposed. The first campaign targeted MenuDrive and Harbortouch. The campaign began in January 2022 and the attackers hit a large number of partner restaurants using the domain’s services. 

Online ordering platforms for restaurants enable customers to make online food orders and allow restaurants to outsource the burden of developing an ordering system. 

While  well-developed online ordering platforms like Uber Eats and DoorDash dominate the market, there are hundreds of smaller online ordering platforms that serve small, local restaurants, and even small-scale platforms may have hundreds of restaurants as clients. As a result, online ordering platforms have become a high-value target for threat actors conducting Magecart e-skimmer attacks because compromising a single online ordering platform typically results in the exposure of online transactions performed at a significant portion of the restaurants that use the platform.

The second campaign began no later than November 12 2021 and impacted 157 restaurants using InTouchPOS and is thought to have been perpetrated by the same criminals. In total, over 400 e-commerce websites have been infected  since May 2020 and the malicious software could still be present on some of the websites. Customers are advised to be cautious of using their payment card on these sites as the effects of the campaign are not fully mitigated.

When even a single platform is attacked, dozens or even hundreds of restaurants can have their transactions compromised, which allows cyber criminals to steal vast amounts of customer payment card data disproportionate to the number of systems they actually hack. 

With these risks of Magecart and digital supply chain attacks it is suggested that e-commerce companies, such as restaurants, food delivery companies and their payments providers employ focused solutions to protect users’ accounts. 

Recorded Future:   Oodaloop;   Infosecurity Magazine:   SC Magazine:   KonBriefing:    Corero:   National News:

You Might Also Read: 

Why Is Retail Cyber Security So Weak?:

 

« Lives Are At Stake As More US Hospitals Are Hacked
Albanian Government Falls Victim To A Large-Scale Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CERT-In

CERT-In

CERT-In is a functional organisation of the Ministry of Information & Electronics Technology, Government of India, with the objective of securing Indian cyber space.

MyCERT

MyCERT

MyCERT is the National Computer Emergency Response Team of Malaysia.

ThreatSpike Labs

ThreatSpike Labs

ThreatSpike Labs provides the first end-to-end fully managed security service for companies of all sizes.

Information and Communication Technology Authority (ICT Authority) - Kenya

Information and Communication Technology Authority (ICT Authority) - Kenya

The ICT Authority is responsible for enforcing ICT standards in Government and ensuring information security.

Naukrigulf

Naukrigulf

Naukrigulf.com is one of the fastest growing job sites in the Gulf, with thousands of registered job seekers and a robust CV database across many sectors, including cybersecurity.

DarkOwl

DarkOwl

DarkOwl provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data.

CyberKnight Technologies

CyberKnight Technologies

CyberKnight Technologies is a cybersecurity focused value-added-distributor (VAD) headquartered in Dubai and covering the Middle East.

Responsible Cyber

Responsible Cyber

Protect yourself with Responsible Cyber’s 360° platform, IMMUNE, arming you with comprehensive support for your business.

Technology Innovation & Startup Centre (TISC)

Technology Innovation & Startup Centre (TISC)

TISC is a startup incubator at the Indian Institute of Technology Jodhpur (IITJ) and we back deep-tech startups.

Symmetry Systems

Symmetry Systems

Symmetry Systems is a provider of data store and object-level security (DSOS) solutions that give organizations visibility into, and unified access control of, their most valuable data assets.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

CatchProbe Intelligence Technologies

CatchProbe Intelligence Technologies

CatchProbe provides actionable web intelligence, OSINT, deception systems, threat intelligence, and digital crime analytics solutions and products through an AI-Driven intelligence platform.

HighGround

HighGround

HighGround offer a Cyber Security Solution for everybody, regardless of skillset, to feel empowered in their security experience in reaching Cyber Resilience.

Early Game Ventures (EGV)

Early Game Ventures (EGV)

Early Game Ventures invests in startups that jumpstart new industries in the emerging markets of Europe.

Clango

Clango

Clango employs an identity-centric approach to optimizing your cybersecurity investment while minimizing risk.

CorePLUS Technologies

CorePLUS Technologies

CorePlus solutions are designed to empower organizations with the tools they need to ensure the utmost protection for their assets, people, and information.