Consumers May Lose Sleep Over These Two New Magecart Breaches (Mar 20, 2019)
RiskIQ researchers have identified that the financially-motivated threat actors referred to as "Magecart" have breached two companies. The affected companies are the mattress company "Amerisleep" and the pillow company "MyPillow." At the time of this writing, researchers note that of the two incidents "[o]ne has been resolved but was never disclosed and another is ongoing despite numerous attempts by us to contact the affected retailer." Magecart actors targeted the companies' websites and injected scripts designed to steal payment data. Amerisleep was targeted from April 2017 to at least October 2017 and again in December 2018; it is unclear if this campaign is still ongoing. MyPillow was reported to have been targeted with payment skimmers in early and late October 2018, and it was not reported whether the campaign is still ongoing.
Recommendation: Sometimes webmasters discover that one of their sites has been compromised months after the initial infection. Websites, much like personal workstations, require constant maintenance and upkeep in order to adapt to the latest threats. In addition to keeping server software up to date, it is critical that all external-facing assets are monitored and scanned for vulnerabilities. The ability to easily restore from backup, incident response planning, and customer communication channels should all be established before a breach occurs.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.