Over 2 Million Magecart Detections

RiskIQ has released research highlighting the explosive growth of Magecart.  The cyber-crime syndicate comprised of dozens of subgroups that specialise in cyber-attacks involving digital credit card theft by skimming online payment forms. 
 
Magecart code has been inserted on millions of sites and compromised the payment information of millions of users. The report titled 'Magecart: The State of a Growing Threat' breaks down the current prevalence of Magecart attacks, as well as several essential trends online merchants should be aware of as the web-skimming epidemic targets their customers at an unprecedented rate. 
 
So far, RiskIQ has detected Magecart skimming code on websites 2,086,529 times. These detections include 18,000 hosts that were directly breached, with many more likely to fall victim this year. With the company's Internet-wide visibility, gained by crawling and passive-sensing the internet since 2010, RiskIQ has one-of-a-kind insight into this rapidly proliferating threat. 
 
This visibility has yielded some of the most significant Magecart discoveries to-date, such as the breaches of British Airways and Ticketmaster and the widespread use of misconfigured Amazon S3 Buckets to spread malicious code. It now provides an invaluable snapshot of the state of digital web-skimming. 
 
According to the report, the most significant factor in Magecart's rise is that site owners' lack visibility into the code running on their site. The research found that the average breach lasts over two weeks, with many lasting much longer than that. 
 
"Quietly, Magecart is eating away at the e-commerce industry because website owners lack visibility into the code that's running on their site," said Yonathan Klijnsma, head researcher at RiskIQ and leading expert in Magecart research....
This is a bigger problem than most people realise, as skimming code can exist on a breached website for weeks, months, or even indefinitely, victimising any visitor that makes purchases on that site." 
 
Other insights include:
 
• 17% of all Malvertisements detected by RiskIQ contain Magecart skimmers
• The average length of a Magecart breach is 22 days with many lasting years, or even indefinitely.
• Shopping platforms such as Magento and OpenCart are the lifeblood of many Magecart groups. RiskIQ has detected 9,688 vulnerable Magento hosts.
• Magecart infrastructure is vast, with 573 known C2 domains, and 9,189 hosts observed loading C2 domains. 
• Because Magecart skimmers stay on websites for so long, threat actors are purchasing Magecart infrastructure that's gone offline to assume access to these breached sites. 
 
RiskIQ:      Sansec.io
 
You Might Also Read
 
Hackers Invade Routers To Steal Payment Card Details:
 
« A Cyber Compliance Economy
60% Of Organisations Have Been Attacked - Some Don’t Even Know It »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Securosis

Securosis

Securosis is an information security research and advisory firm dedicated to improving the practice of information security.

CDNetworks

CDNetworks

CDNetworks is a global content delivery network with a fully integrated cloud security solution, offering unparalleled speed, security and reliability for the almost instant delivery of web content.

Redscan Cyber Security

Redscan Cyber Security

Redscan Cyber Security is a Managed Security Services Provider (MSSP) that enables businesses to effectively manage their information security risks.

CROW - University of Waikato

CROW - University of Waikato

CROW is the first cyber security lab established in a New Zealand educational institution at the University of Waikato.

Masergy Communications

Masergy Communications

Masergy delivers hybrid networking, managed security and cloud communication solutions to enterprises around the globe.

ThreatHunter.ai

ThreatHunter.ai

ThreatHunter.ai (formerly Milton Security) is a business that tracks down and mitigates attacks in real time using our ARGOS Platform and our Elite Threat Hunters.

Cymulate

Cymulate

Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time.

Exein

Exein

Exein are on a mission to build the world’s first ecosystem for firmware security so that all different types of firmware are secure around the world.

Culinda

Culinda

Culinda secures medical IoT devices in hospitals with An Artificial Intelligence platform and security gateway.

Zerodium

Zerodium

Zerodium is the leading exploit acquisition platform for premium zero-days and advanced cybersecurity research.

Astaara

Astaara

Astaara is an integrated insurance services and risk management advisory business incorporating cyber risk advisory, underwriting and analytics.

Privacyware

Privacyware

Privacyware's ThreatSentry combines a state-of-the-art Web Application Firewall and port-level firewall with advanced behavioral filtering to block unwanted IIS traffic and web application threats.

Mjenzi Cloud

Mjenzi Cloud

Mjenzi Cloud is a provider of cloud IaaS solutions including managed backup services, affordable & secure cloud virtual compute/storage/compute services, bare-metal services and cloud security.

Aligned Technology Solutions (ATS)

Aligned Technology Solutions (ATS)

ATS manage, monitor, and maintain everything from your network and servers to your workstations and mobile devices, and we do it proactively to eliminate downtime and keep hackers at bay.

InfoSystems Inc

InfoSystems Inc

InfoSystems provides reliable IT solutions to build and maintain strong and secure systems for both SMB and enterprise organizations.

Naq Cyber

Naq Cyber

Naq is the number one platform for SMEs looking to become legally compliant and protect against cybercrime and other data-related incidents.

Hexens

Hexens

Hexens introduces a whole new approach to cybersecurity solutions. Indisputable skills and a unique super-focused perspective on every single case are the values we create.

Xoriant

Xoriant

Xoriant is a technology leader and execution partner throughout the Build, Run and Transform lifecycle for companies that create and use technology products.