No Summer Break for Magecart as Web Skimming Intensifies (Aug 1, 2019)
Research published by Malwarebytes shows an increase in attacks attributed to the financially motivated threat actors referred to by the umbrella term “Magecart.” The approximately 12 groups that make up Magecart have continued their attacks throughout the summer with the objective of stealing financial data and Personally Identifiable Information (PII). These groups target online commercial websites and use skimmers to obtain credit card credentials. Malwarebytes identified over 65,000 attempts to steal credit card numbers in July. As Magecart attacks spread, more of them are using forms of obstruction, such as encrypting their traffic, to make skimmers more difficult to detect.
Recommendation: Sometimes webmasters discover that one of their sites has been compromised months after the initial infection. Websites, much like personal workstations, require constant maintenance and upkeep in order to adapt to the latest threats. In addition to keeping server software up to date, it is critical that all external-facing assets are monitored and scanned for vulnerabilities. The ability to easily restore from backup, incident response planning, and customer communication channels should all be established before a breach occurs.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.