Compromised by Magecart: Forbes Magazine Subscription (May 16, 2019)
The “Forbes” media company has confirmed that its website was compromised by the financially-motivated threat actors referred to by the umbrella term “Magecart.” The Forbes magazine subscription website was infected with malicious code designed to siphon credit card information while users attempted to sign up for the Forbes paper edition. The information gathered includes addresses, CVV/CVC security numbers, expiration dates, names, payment card numbers, and phone numbers of users attempting to subscribe. Attackers planted their malicious code on a third-party website with a name related to a legitimate website icon service. This may have been done in an attempt to fool someone examining the source code of Forbes magazine’s website. Fortunately, the domain hosting the malicious code was taken down quickly, neutralizing the attack. A spokesperson for the company stated that it was not aware of any credit card information stolen by the criminals, although an investigation is currently taking place.
Recommendation: Sometimes webmasters discover that one of their sites has been compromised months after the initial infection. Websites, much like personal workstations, require constant maintenance and upkeep in order to adapt to the latest threats. In addition to keeping server software up to date, it is critical that all external-facing assets are monitored and scanned for vulnerabilities. The ability to easily restore from backup, incident response planning, and customer communication channels should all be established before a breach occurs.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.
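Because the skimmer was served from a third-party domain named to resemble a legitimate icon service, one monitoring check is to inventory the script hosts on a payment page and flag any that are unapproved or that closely resemble an approved host. The following is an added example, not part of the original report; the hosts, the allowlist, the sample page and the 0.85 similarity threshold are all constructed assumptions.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist of third-party hosts approved to serve scripts.
APPROVED_HOSTS = {"cdn.example.com", "icons.example.net"}

# Constructed sample of a subscription page; every host is a placeholder.
SAMPLE_PAGE = """<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="https://icons.example.net/kit.js"></script>
<script src="https://icons-example.net/kit.js"></script>
<script src="https://metrics.example.org/t.js"></script>
</head><body><form action="/subscribe"></form></body></html>
"""

class ScriptCollector(HTMLParser):
    """Collect the src attribute of every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def closest_approved(host):
    """Return (approved_host, similarity) for the allowlist entry nearest to host."""
    scored = ((a, SequenceMatcher(None, host, a).ratio()) for a in APPROVED_HOSTS)
    return max(scored, key=lambda pair: pair[1])

def audit_scripts(html, page_host="shop.example.com", threshold=0.85):
    """Return (host, verdict) for each script host that is not approved."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        host = urlparse(src).hostname or page_host  # relative URL: same origin
        if host == page_host or host in APPROVED_HOSTS:
            continue
        near, score = closest_approved(host)
        verdict = f"lookalike-of:{near}" if score >= threshold else "unapproved"
        findings.append((host, verdict))
    return findings

if __name__ == "__main__":
    for host, verdict in audit_scripts(SAMPLE_PAGE):
        print(f"{host}\t{verdict}")
```

Run against each page that handles payment data on a schedule, so that a newly introduced script host is reviewed when it first appears rather than months later.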