Automated Magecart Campaign Hits Over 960 Breached Stores (Jul 5, 2019)
Sanguine Security researchers have identified an automated, large-scale campaign in which threat actors installed payment card-skimming scripts on over 960 online stores in approximately 24 hours. Researchers believe that the threat groups referred to under the umbrella term “Magecart” are behind this campaign. Although researchers did not specify how the automated attack works, they believe it is possible that Magecart was scanning for vulnerable online stores into which the data-stealing script would be injected, typically on the website's checkout page. The skimmer is capable of stealing data such as addresses, “full credit card data,” names, and phone numbers.
Recommendation: Sometimes webmasters discover that one of their sites has been compromised months after the initial infection. Websites, much like personal workstations, require constant maintenance and upkeep in order to adapt to the latest threats. In addition to keeping server software up to date, it is critical that all external-facing assets are monitored and scanned for vulnerabilities. The ability to easily restore from backup, incident response planning, and customer communication channels should all be established before a breach occurs.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.