Over 2 Million Magecart Detections

Uploaded on 2019-10-07 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

RiskIQ has released research highlighting the explosive growth of Magecart.  The cyber-crime syndicate comprised of dozens of subgroups that specialise in cyber-attacks involving digital credit card theft by skimming online payment forms. 
 
Magecart code has been inserted on millions of sites and compromised the payment information of millions of users. The report titled 'Magecart: The State of a Growing Threat' breaks down the current prevalence of Magecart attacks, as well as several essential trends online merchants should be aware of as the web-skimming epidemic targets their customers at an unprecedented rate. 
 
So far, RiskIQ has detected Magecart skimming code on websites 2,086,529 times. These detections include 18,000 hosts that were directly breached, with many more likely to fall victim this year. With the company's Internet-wide visibility, gained by crawling and passive-sensing the internet since 2010, RiskIQ has one-of-a-kind insight into this rapidly proliferating threat. 
 
This visibility has yielded some of the most significant Magecart discoveries to-date, such as the breaches of British Airways and Ticketmaster and the widespread use of misconfigured Amazon S3 Buckets to spread malicious code. It now provides an invaluable snapshot of the state of digital web-skimming. 
 
According to the report, the most significant factor in Magecart's rise is that site owners' lack visibility into the code running on their site. The research found that the average breach lasts over two weeks, with many lasting much longer than that. 
 
"Quietly, Magecart is eating away at the e-commerce industry because website owners lack visibility into the code that's running on their site," said Yonathan Klijnsma, head researcher at RiskIQ and leading expert in Magecart research....
This is a bigger problem than most people realise, as skimming code can exist on a breached website for weeks, months, or even indefinitely, victimising any visitor that makes purchases on that site." 
 
Other insights include:
 
• 17% of all Malvertisements detected by RiskIQ contain Magecart skimmers
• The average length of a Magecart breach is 22 days with many lasting years, or even indefinitely.
• Shopping platforms such as Magento and OpenCart are the lifeblood of many Magecart groups. RiskIQ has detected 9,688 vulnerable Magento hosts.
• Magecart infrastructure is vast, with 573 known C2 domains, and 9,189 hosts observed loading C2 domains. 
• Because Magecart skimmers stay on websites for so long, threat actors are purchasing Magecart infrastructure that's gone offline to assume access to these breached sites. 
 
RiskIQ:      Sansec.io
 
You Might Also Read
 
Hackers Invade Routers To Steal Payment Card Details:
 
« A Cyber Compliance Economy
60% Of Organisations Have Been Attacked - Some Don’t Even Know It »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Security Mentor

Security Mentor

Security Mentor provides innovative, online security awareness training designed for how people learn and work.

Yubico

Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.

CANVAS Consortium

CANVAS Consortium

The CANVAS Consortium aims to unify technology developers with legal and ethical scholar and social scientists to approach the challenges of cybersecurity.

VigiTrust

VigiTrust

VigiTrust is a security firm specializing in cloud based eLearning programs, security compliance portals and providing security assessments.

Rwanda Information Society Authority (RISA)

Rwanda Information Society Authority (RISA)

RISA is at the forefront of all ICT project implementation, research, infrastructure and innovation within the ICT sector in Rwanda.

Moxa

Moxa

Moxa is a leading provider of industrial networking, computing, and automation solutions for enabling the Industrial Internet of Things.

Marcus Donald People

Marcus Donald People

Marcus Donald People is a UK IT recruitment specialist covering the following sectors: Infrastructure & Cloud, Information Security, Development, Business transformation.

iHLS Startups Accelerator

iHLS Startups Accelerator

iHLS Accelerator is the first startup accelerator in the world in the security and homeland security field.

BetaDen

BetaDen

BetaDen provides a revolutionary platform for businesses to develop next-generation technology, such as the internet of things and industry 4.0.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

Telefonica Global Solutions (TGS)

Telefonica Global Solutions (TGS)

Telefonica Global Solutions is the technological partner of wholesalers and enterprises, helping them to achieve the digitalization they need.

IONOS

IONOS

IONOS is a leading provider of cloud infrastructure, cloud services, and hosting with more than 8.5 million customers contracts.

Lansweeper

Lansweeper

Lansweeper is an IT Asset Management platform provider helping businesses better understand, manage and protect their IT devices and network.

NORMA Cyber

NORMA Cyber

NORMA Cyber delivers centralised cyber security services to Norwegian shipowners and other entities within the Norwegian maritime sector.

Btech

Btech

Btech is the market leader in providing affordable managed IT security services for credit unions.

FearsOff

FearsOff

FearsOff is a global information security company serving clients worldwide. White hat operators with a black hat mindset to emulate real world attacks and everchanging threat vectors.