Magecart Attacks Hit Hundreds Of US Restaurants

Security researchers have found two separate Magecart campaigns that are targeting online ordering platforms in the US. These campaigns are designed for financial gain, using Magecart e-skimming software that enables criminals to exfiltrate payment card details. The attacks have affected at least 311 US restaurants by injecting the software into three platforms - MenuDrive, Harbortouch, and InTouchPOS - all popular domains that host restaurant websites.

According to Recorded Future, some of those restaurants remain infected and the malicious domains remain active.

As many as 50,000 payment cards have already been identified on the Dark Web as originating from this campaign, and many more may have been exposed. The first campaign targeted MenuDrive and Harbortouch. The campaign began in January 2022 and the attackers hit a large number of partner restaurants using the domain’s services. 

Online ordering platforms for restaurants enable customers to make online food orders and allow restaurants to outsource the burden of developing an ordering system. 

While well-developed online ordering platforms like Uber Eats and DoorDash dominate the market, there are hundreds of smaller online ordering platforms that serve small, local restaurants, and even small-scale platforms may have hundreds of restaurants as clients. As a result, online ordering platforms have become a high-value target for threat actors conducting Magecart e-skimmer attacks because compromising a single online ordering platform typically results in the exposure of online transactions performed at a significant portion of the restaurants that use the platform.

The second campaign began no later than November 12, 2021, impacted 157 restaurants using InTouchPOS, and is thought to have been perpetrated by the same criminals. In total, over 400 e-commerce websites have been infected since May 2020 and the malicious software could still be present on some of the websites. Customers are advised to be cautious of using their payment card on these sites as the effects of the campaign are not fully mitigated.

When even a single platform is attacked, dozens or even hundreds of restaurants can have their transactions compromised, which allows cyber criminals to steal vast amounts of customer payment card data disproportionate to the number of systems they actually hack. 

Given these risks of Magecart and digital supply chain attacks, it is suggested that e-commerce companies, such as restaurants, food delivery companies and their payment providers, employ focused solutions to protect users’ accounts.

Recorded Future; Oodaloop; Infosecurity Magazine; SC Magazine; KonBriefing; Corero; National News
