Old Magecart Domains Come Back To Life

Hacking groups that make up Magecart are effective and persistent at stealing customer and payment card data through skimmers. Now old Magecart domains are finding new life in subsequent threat campaigns, many of which are entirely unrelated to web skimming. 

Magecart is a consortium of malicious hacker groups who target online shopping cart systems, usually the Magento system, to steal customer payment card information

Shopping carts are attractive targets because they collect payment information from customers. The Magecart hacker often substitutes a piece of Javascript code, either by altering the Magento source or by redirecting the shopping cart using an injection to a website that hosts the malware. 

Magecart is known to have been active since 2016 and is quite prolific. Now RiskIQ has just released research Report that exposes the hijacking and reuse of decommissioned domains used in Magecart web-skimming attacks by a secondary market of cybercriminals. 

This Report explains how Magecart has so radically changed the threat landscape, victimising hundreds of thousands of sites and millions of users, that other cyber-criminals are now building campaigns to monetise their handiwork. These secondary actors know that websites breached by Magecart are likely still making calls to domains once used for skimming and exfiltrating credit card data. Once registrars bring these campaigns back online after they were sinkholed or otherwise deactivated, these scavengers buy them up. 

Their goal is to use them for malvertising and other threat activity, monetising the traffic going to the breached websites on which these domains remain.

These secondary actors are likely experienced in affiliate marketing and fraud and are buying up domains they know lead to a lot of traffic. While ads themselves aren't malicious, they are exploiting the vulnerabilities in websites. In the future, threat actors may also engage in other schemes and threat activity far more malevolent than advertising.

In  the recent British Airways hack, Magecart tailored the attack to the specific system, according to the RiskIQ report. 
“This particular skimmer is very much attuned to how British Airways’ payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer,” the report’s authors wrote.

Magecart is a global phenomenon that’s redefined cyber-security over the past four years. Not only has it victimised hundreds of thousands of sites and potentially millions of users, but it’s also created a secondary market around its infrastructure. 

These secondary markets are likely experienced in affiliate marketing and fraud, and are buying up domains dropped by registrars they know have a lot of traffic coming to them. While the ads themselves aren’t malicious, they are exploiting the vulnerabilities in websites while the site owners don’t benefit. Moreover, in the future, threat actors may also engage in other schemes and threat activity far more malicious than advertising. 

Site owners must maintain visibility into the code on their site, make sure it’s clean, updated, and checked on regularly. RiskIQ works to mitigate Magecart incidents by taking down infrastructure, which disrupts the flow of stolen data. However, this does not keep a website clean forever, dutiful vigilance and maintenance is the only way to prevent being victimised by Magecart and follow-up attacks by secondary markets. 

Google:         CSO Online:          RiskIQ:

You Mght Also Read:

Why Is Retail Cyber Security So Weak?:

Banks And Retailers Track How You Type, Swipe And Tap:

 

« Effective Cybersecurity Requires Both Cyber Training & Insurance Cover
Huawei Will Sell Its 5G Know-How »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Science Applications International Corporation (SAIC)

Science Applications International Corporation (SAIC)

SAIC is a premier technology integrator in the technical, engineering, intelligence, and enterprise information technology markets. Services and solutions include Cybersecurity.

SecureThings

SecureThings

SecureThings focus is to provide guidance and technology to secure connected vehicles in order to build end-to-end security for the automotive industry.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

British Security Industry Association - CySPAG

British Security Industry Association - CySPAG

CySPAG is a special interest group within the British Security Industry Association (BSIA) focused on reducing the risk of product related cybercrime.

Robert Walters

Robert Walters

Robert Walters is one of the world's leading global specialist professional recruitment and recruitment process outsourcing consultancies.

QuantiCor Security

QuantiCor Security

QuantiCor Security is one of the world’s leading developers and manufacturers of quantum computer resistant security solutions for IT infrastructures and the Internet of Things (IoT).

CyberScotland

CyberScotland

The CyberScotland Partnership is a collaboration of key strategic stakeholders, brought together to focus efforts on improving cyber resilience across Scotland in a coordinated and coherent way.

Cybaverse

Cybaverse

Cybaverse (formerly North Star Cyber Security) was founded to create the perfect blend of a Managed Security Service Provider (MSSP) and a Cyber Security Consultancy in one.

DH2i Company

DH2i Company

DH2i is a leading provider of multi-platform Software Defined Perimeter and Smart Availability software enabling customers to create an entire IT infrastructure that is always-secure and always-on.

The Cyber Guild

The Cyber Guild

The Cyber Guild is a not-for-profit organization working to improve the understanding and practice of cybersecurity, and to help raise awareness and education for all.

Josef Ressel Centre for Intelligent & Secure Industrial Automation

Josef Ressel Centre for Intelligent & Secure Industrial Automation

The Josef Ressel Centre for Intelligent and Secure Industrial Automation investigates the fundamentals of digital assistants for industrial machines that enable intelligent and secure operation.

Calamu

Calamu

Calamu is a software-defined storage security and resiliency platform that keeps your data secure and accessible wherever you choose to store it.

Alchemy Security Consulting

Alchemy Security Consulting

Alchemy Security Consulting specialise in offensive and defensive cyber security. We find the weak link in your security so you can patch it up fast and avoid being hacked.

ABPSecurite

ABPSecurite

ABPSecurite is a leading value-added distributor and a network performance solutions provider.

MadWolf Technologies

MadWolf Technologies

MadWolf’s mission is to deliver enterprise-quality managed services and focused applications to organizations operating in the non-profit, association and international development sectors.

EGUARDIAN

EGUARDIAN

EGUARDIAN serves as a Value-Added Distributor and technology enabler in the APAC region with the aim of further expanding globally and cater to the needs of the demands with the emerging technology.