Over 2 Million Magecart Detections

RiskIQ has released research highlighting the explosive growth of Magecart, a cyber-crime syndicate comprising dozens of subgroups that specialise in cyber-attacks involving digital credit card theft by skimming online payment forms.
 
Magecart code has been inserted on millions of sites and compromised the payment information of millions of users. The report titled 'Magecart: The State of a Growing Threat' breaks down the current prevalence of Magecart attacks, as well as several essential trends online merchants should be aware of as the web-skimming epidemic targets their customers at an unprecedented rate. 
 
So far, RiskIQ has detected Magecart skimming code on websites 2,086,529 times. These detections include 18,000 hosts that were directly breached, with many more likely to fall victim this year. With the company's Internet-wide visibility, gained by crawling and passive-sensing the internet since 2010, RiskIQ has one-of-a-kind insight into this rapidly proliferating threat. 
 
This visibility has yielded some of the most significant Magecart discoveries to date, such as the breaches of British Airways and Ticketmaster and the widespread use of misconfigured Amazon S3 buckets to spread malicious code. It now provides an invaluable snapshot of the state of digital web-skimming.
 
According to the report, the most significant factor in Magecart's rise is that site owners lack visibility into the code running on their sites. The research found that the average breach lasts over two weeks, with many lasting much longer than that.
 
"Quietly, Magecart is eating away at the e-commerce industry because website owners lack visibility into the code that's running on their site," said Yonathan Klijnsma, head researcher at RiskIQ and leading expert in Magecart research....
"This is a bigger problem than most people realise, as skimming code can exist on a breached website for weeks, months, or even indefinitely, victimising any visitor that makes purchases on that site."
 
Other insights include:
 
• 17% of all malvertisements detected by RiskIQ contain Magecart skimmers.
• The average length of a Magecart breach is 22 days, with many lasting years, or even indefinitely.
• Shopping platforms such as Magento and OpenCart are the lifeblood of many Magecart groups. RiskIQ has detected 9,688 vulnerable Magento hosts.
• Magecart infrastructure is vast, with 573 known C2 domains, and 9,189 hosts observed loading C2 domains. 
• Because Magecart skimmers stay on websites for so long, threat actors are purchasing Magecart infrastructure that's gone offline to assume access to these breached sites. 
 
RiskIQ:      Sansec.io
 