Over 2 Million Magecart Detections

Uploaded on 2019-10-07 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

RiskIQ has released research highlighting the explosive growth of Magecart.  The cyber-crime syndicate comprised of dozens of subgroups that specialise in cyber-attacks involving digital credit card theft by skimming online payment forms. 
 
Magecart code has been inserted on millions of sites and compromised the payment information of millions of users. The report titled 'Magecart: The State of a Growing Threat' breaks down the current prevalence of Magecart attacks, as well as several essential trends online merchants should be aware of as the web-skimming epidemic targets their customers at an unprecedented rate. 
 
So far, RiskIQ has detected Magecart skimming code on websites 2,086,529 times. These detections include 18,000 hosts that were directly breached, with many more likely to fall victim this year. With the company's Internet-wide visibility, gained by crawling and passive-sensing the internet since 2010, RiskIQ has one-of-a-kind insight into this rapidly proliferating threat. 
 
This visibility has yielded some of the most significant Magecart discoveries to-date, such as the breaches of British Airways and Ticketmaster and the widespread use of misconfigured Amazon S3 Buckets to spread malicious code. It now provides an invaluable snapshot of the state of digital web-skimming. 
 
According to the report, the most significant factor in Magecart's rise is that site owners' lack visibility into the code running on their site. The research found that the average breach lasts over two weeks, with many lasting much longer than that. 
 
"Quietly, Magecart is eating away at the e-commerce industry because website owners lack visibility into the code that's running on their site," said Yonathan Klijnsma, head researcher at RiskIQ and leading expert in Magecart research....
This is a bigger problem than most people realise, as skimming code can exist on a breached website for weeks, months, or even indefinitely, victimising any visitor that makes purchases on that site." 
 
Other insights include:
 
• 17% of all Malvertisements detected by RiskIQ contain Magecart skimmers
• The average length of a Magecart breach is 22 days with many lasting years, or even indefinitely.
• Shopping platforms such as Magento and OpenCart are the lifeblood of many Magecart groups. RiskIQ has detected 9,688 vulnerable Magento hosts.
• Magecart infrastructure is vast, with 573 known C2 domains, and 9,189 hosts observed loading C2 domains. 
• Because Magecart skimmers stay on websites for so long, threat actors are purchasing Magecart infrastructure that's gone offline to assume access to these breached sites. 
 
RiskIQ:      Sansec.io
 
You Might Also Read
 
Hackers Invade Routers To Steal Payment Card Details:
 
« A Cyber Compliance Economy
60% Of Organisations Have Been Attacked - Some Don’t Even Know It »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

USNA Center for Cyber Security Studies

USNA Center for Cyber Security Studies

The mission of the Center for Cyber Security Studies is to enhance the education of midshipmen in all areas of cyber warfare.

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

KirCCS harnesses expertise across Kent University to address current and potential cyber security challenges.

CyberESI

CyberESI

CyberESI is a Managed Security Service Provider providing 24x7 remote security monitoring and management of your mission-critical networks.

Cybero

Cybero

Cybero offers professional corporate cybersecurity training tailored to your business requirements.

Cofrac

Cofrac

Cofrac is the national accreditation body for France. The directory of members provides details of organisations offering certification services for ISO 27001.

Protocol Labs

Protocol Labs

Protocol Labs is a research, development, and deployment institution for improving Internet technology.

Brighterion

Brighterion

Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.

Etonwood

Etonwood

Etonwood specialises in infrastructure and vendor technology recruitment in areas including cloud platforms, cyber security and service management.

Qascom

Qascom

Qascom is an engineering company offering security solutions in satellite navigation and space cybersecurity. We are one of the European key players in GNSS authentication and security.

Pathlock

Pathlock

Pathlock (formerly Greenlight) help enterprises and organizations automate the enforcement of any process, access, or IT general control, for any business application.

NXM Labs

NXM Labs

NXM is a leader in a leader in advanced cybersecurity software for connected devices.

Morpheus Enterprises

Morpheus Enterprises

Morpheus Enterprises offer managed security solutions designed to keep your web applications secure and your business running smoothly.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.

Moonlock

Moonlock

Cybersecurity tech for humans. At Moonlock, we make software that seamlessly protects you and has your back as you live your life.

Heyhack

Heyhack

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.

iTRUSTXForce

iTRUSTXForce

iTRUSTXForce is a global provider of DigitalX (cybersecurity, privacy, and digital trust) services. We offer comprehensive services that focus on delivering outcomes for our clients.