By: Mastercard Security Research Team

A new Magecart-style campaign has been identified where attackers hide digital skimming infrastructure in compromised yet seemingly trustworthy websites. These attacks, which aim to steal credit card details and personal information, often go undetected for long periods.

What is this New Attack Style?

The large-scale campaign, identified by Akamai, impacts e-commerce platforms in the United States, the United Kingdom, Brazil, Spain, Australia, Estonia, and Peru. The campaign creates two sets of victims: websites that host the malicious digital skimming code, and websites that become infected with the code. Some victims that were initially used as hosts later became infected with the digital skimming code themselves. Akamai found that 25% of the Magecart infections it observed in 2022 remained active into 2023. Detecting digital skimming infections can be difficult without security measures in place, making this a formidable threat for e-commerce sites.

This campaign, along with other newer Magecart techniques, shows how digital skimming has become an increasingly popular attack method over the last decade. These attacks traditionally targeted Magento vulnerabilities but have now expanded to target other e-commerce platforms like WooCommerce, WordPress, Shopify, and others. Merchants are primarily attacked via vulnerabilities in their digital commerce platform or third-party services. According to Tenable, “There were 25,112 vulnerabilities reported in 2022 as of January 9, 2023, which represents a 14.4% increase over the 21,957 reported in 2021 and a 287% increase over the 6,447 reported in 2016.” Unpatched software vulnerabilities are one of the easiest ways for attackers to infiltrate systems. With increasing numbers of vulnerabilities found year-over-year, it’s more important than ever to ensure security measures are in place.

How Can You Stay Protected?

Organizations can protect themselves against digital skimming by ensuring software is patched promptly when updates are available, as out-of-date software often contains known vulnerabilities. Other preventative measures include using tools that monitor, in near or real time, for anomalies and unauthorized code changes. Proper control of the services exposed to the Internet is a basic security practice, as unsafe network services and IoT devices are a common vector for compromising systems and networks. Enterprises should limit the systems and services exposed to the Internet to those that are safe and necessary. It is also important to ensure that any third-party providers that handle your information maintain a safe and secure environment.
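The monitoring for unauthorized code changes described above can be as simple as baselining the scripts a checkout page loads and flagging anything that drifts: a script host that was never there before (the hallmark of skimmer code hidden on another compromised site) or an inline script whose content hash has changed. The following is an added example, not code from the article or from Akamai or RiskRecon; the two HTML snapshots and the hostnames in them are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample pages (not from the article): a baseline checkout page
# and a later snapshot where an extra third-party script host has appeared
# and the inline configuration script has been tampered with.
BASELINE_HTML = """<html><head>
<script src="https://shop.example/static/checkout.js"></script>
<script>window.cfg = {currency: "USD"};</script>
</head><body></body></html>"""
SUSPECT_HTML = """<html><head>
<script src="https://shop.example/static/checkout.js"></script>
<script src="https://cdn-thirdparty.example/assets/jquery.min.js"></script>
<script>window.cfg = {currency: "USD"}; document.addEventListener("submit", function(e){});</script>
</head><body></body></html>"""

class ScriptCollector(HTMLParser):
    """Collect external script URLs and SHA-256 digests of inline script bodies."""
    def __init__(self):
        super().__init__()
        self.external, self.inline = set(), set()
        self._in_inline, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.add(src)
        else:  # inline script: start buffering its body
            self._in_inline, self._buf = True, []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            self._in_inline = False
            body = "".join(self._buf).strip().encode()
            self.inline.add(hashlib.sha256(body).hexdigest())

def diff_scripts(baseline_html, current_html):
    """Return (script hosts absent from the baseline, count of inline scripts whose hash is new)."""
    base, cur = ScriptCollector(), ScriptCollector()
    base.feed(baseline_html)
    cur.feed(current_html)
    base_hosts = {urlparse(u).netloc for u in base.external}
    new_hosts = sorted({urlparse(u).netloc for u in cur.external} - base_hosts)
    return new_hosts, len(cur.inline - base.inline)
```

In practice the baseline would be captured from a known-good deployment and the check run on a schedule against the live page, with any non-empty result raising an alert for review.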

How RiskRecon Can Help:

It is critical that organizations understand their assets, establish a patching cadence, and continuously monitor third, fourth, and nth parties for different risks. Exploitation of a vulnerability reinforces the importance of regularly patching software. It also reminds organizations how vital it is that third-party suppliers are held to the same standards. Mastercard tools like RiskRecon enable not only an enterprise's own vulnerability management, but also robust third-party risk and asset management.
