What is a Magecart Attack?
A Magecart attack (also sometimes called digital skimming or e-skimming) is a type of cyber fraud involving the exfiltration of payment information and other types of customer data from businesses selling goods or services via their website. In a Magecart attack, threat actors inject malicious code into the client side of a company’s website to enable them to steal customer data as the shopper enters the information into the online form.
Who or What is Magecart?
The term “Magecart” is a portmanteau of the words “Magento” (a popular, open-source, e-commerce software platform) and “shopping cart.” (The original e-skimming attacks often targeted the Magento software platform.) All Magecart attacks are a type of e-skimming. Hundreds of different threat actors and cybercrime gangs use e-skimming or “Magecart” attacks in their criminal operations. A number of high-profile companies have been victims of Magecart and e-skimming attacks, including a major airline, department store chain, an e-commerce platform, and global event ticketing company. It is important to note, though, that while the big names make the news, most Magecart and e-skimming attacks happen to small- to medium-sized businesses.
How does an attack work?
Magecart or e-skimming attacks typically follow a simple three-step process to inject skimming code into payment card processing pages of the website.
Step 2—The skimming function is executed by the user’s browser, allowing it to steal sensitive information by recording the keystrokes the user types into the form fields. Examples of sensitive information include account credentials, payment card information, and billing information, such as home address and phone number.
Step 3—The information the user types into the form fields is sent to the threat actor’s command & control (C2) server for storage and later use.
Industries Most Affected
Any business that uses their website to capture sensitive personal information, such as user names, passwords, credit card information, sensitive personally identifiable information (PII), health care data, etc., is a target for a Magecart or e-skimming attack. Those industries most at risk are:
- Financial Services & Banking
- Healthcare & Medical
- Ecommerce & Retail
- Travel & Hospitality
- SaaS and Technology
- Communication, Social Media, & Content Producers
- Cryptocurrency Exchanges & Blockchain
Other industries also affected by these types of attacks include:
- Real Estate
- Technology & Cybersecurity
- Distribution & Transportation
- Distribution & Transportation
Loss of Sensitive Customer Information: Magecart attacks can involve the theft of multiple types of customer information, including credit card data and name and address. Depending on the size of the business and the scope of the attack (e.g., multiple entities targeted at once), millions of individuals could be affected.
Profit loss: Previous attacks have demonstrated that business profits will be impacted negatively due to reputation damage and loss of customer trust.
Regulatory and Compliance Issues: Government and industry regulations, such as the Payment Card Industry Data Security Standards (PCI DSS) and the General Data Protection Regulations (GDPR) can subject businesses to lawsuits and fines should business customers be affected by a Magecart attack.
What can businesses do to protect against attacks?
Businesses can reduce the number and impact of Magecart attacks by following these best practices:
Audit web assets: Inventory your web assets and know the type of data they hold.
Regularly scan the client side: Regularly conduct deep-dive scans into client-side applications and software to reveal intrusions, behavioral anomalies, and unknown threats.
Use secure software development practices: Apply software development best practices that aid in the detection and elimination of errors early in the application development process.
Move security to the left: Ensure security is part of the entire software development process—from beginning to end—and just doesn’t happen after a web application is built or installed on a system.
Feroot Prevents Magecart and E-skimming
To learn more about Magecart and e-skimming attacks and how you can prevent them, check out these great resources!