New Year, Same Magecart: The Continuation of Web-based Supply Chain Attacks

[harlan4096]

RiskIQ has tracked Magecart and exposed their attacks for years. Now, the term is top-of-mind in the security community and beyond, with a Google search of ‘Magecart’ returning over 170,000 results. In fact, the group of digital credit card-skimming gangs gained such notoriety throughout last year that WIRED named Magecart in its list of “Most Dangerous People On The Internet In 2018.”

With the threat of Magecart looming large, RiskIQ receives a continuous flow of questions from businesses looking to protect their attack surface; law enforcement tracking each Magecart group, reporters covering Magecart activity, and other vendors looking to leverage RiskIQ’s unique web forensics data which enabled us to disclose Magecart attacks against Ticketmaster, British Airways, Newegg, and more.

Unfortunately, Magecart is only becoming a more significant threat as it scales and evolves faster than ever, but we will continue to track Magecart activities and new groups as they emerge. This report details another attack campaign occurring over the past months that used a third-party supply chain attack, a tried and true Magecart tactic used in Group 5’s breach of Ticketmaster.

Web-based supply chain attacks compromise vendors that supply code often used to add or improve site functionality. This code integrates with thousands of websites, so when it’s compromised, the sites of all of the customers that use it are compromised. This gives Magecart access to a wide range of victims at once.

Full reading: https://www.riskiq.com/blog/labs/magecart-adverline/