Payment successful, but credit card skimmed
Large-scale Magecart campaign targets older Magento platforms to compromise
- Recent research uncovered a new large-scale Magecart campaign which involves eighty websites.
- All of the compromised platforms use older Magento platforms, as they are easy to exploit.
- There is a sudden rise in this type of attack, as e-commerce website owners continue to ignore software upgrades and security patches.
How do they do it?
This indicates that the actors are after heavy wallets, so their targeting isn’t random at all. The malicious code is inserted into the server-side checkout payment form and is incorporated into the e-commerce site's source code. When customers enter their payment details (credit card information, CVC codes, names, expiration dates, etc.), this data is captured and transferred directly to the actor’s server. The transactions on the e-commerce website go through as normal, and the platform receives all of the expected transaction reports, with nothing else indicating a problem.
With all this data in their hands, the actors can buy goods from online shops and pass them through merchandise mules, who finally ship them to the buyer’s destination. This form of activity has been growing in popularity lately, as crooks find it relatively safe, reliable, and very profitable.
- First, make sure that your web server is fully patched to the latest versions. This includes everything from operating-system-level patches, Magento security patches and software all the way to the extensions and third-party code that run as part of your website.
- Older plugin versions are being exploited. Go through the website and disable the extensions that are not entirely mandatory.
- Site owners should adopt a Content Security Policy (CSP) throughout their sites, particularly on the critical parts of the website: the cart page and the checkout page.
- Apply rules that blacklist and block requests/responses involving known malicious domains / IOCs used by Magecart.
- Have a security expert audit your web code and then implement a security solution that will alert your team when suspicious activities take place on your website. You could use a website security monitoring tool such as Sucuri. If it is a Linux server, the Linux audit files can be used to see who made changes to a file.
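To make the CSP recommendation above checkable, here is an added example (not from the original article) that audits a Content-Security-Policy header for the gaps a payment-form skimmer depends on: where script may load from and where captured data may be sent. The two sample policies and the `payments.example` hosts are constructed for illustration.

```python
# Added example: audit a CSP header sent on cart/checkout pages.
# Directive names come from the CSP specification; the sample policies and
# *.payments.example hosts below are constructed, not taken from a real site.

# Directives governing where script loads from and where data can be sent.
EXFIL_DIRECTIVES = ("script-src", "connect-src", "form-action", "img-src")
NO_FALLBACK = {"form-action"}           # form-action never inherits default-src
LOOSE_SOURCES = {"*", "https:", "http:"}  # match any host
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header):
    """Return {directive: [sources]}; the first occurrence of a directive wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def audit_csp(header):
    """List the gaps that would let injected script run or send card data out."""
    policy = parse_csp(header)
    findings = []
    for name in EXFIL_DIRECTIVES:
        sources = policy.get(name)
        if sources is None and name not in NO_FALLBACK:
            sources = policy.get("default-src")
        if sources is None:
            findings.append(f"{name}: not restricted")
            continue
        for src in sources:
            if src in LOOSE_SOURCES:
                findings.append(f"{name}: overly broad source {src}")
        # 'unsafe-inline' is only ignored by browsers when a nonce/hash is present.
        if (name == "script-src" and "'unsafe-inline'" in sources
                and not any(s.startswith(NONCE_OR_HASH) for s in sources)):
            findings.append("script-src: 'unsafe-inline' allows injected inline script")
    return findings


WEAK = "default-src *; script-src 'self' 'unsafe-inline' https:"
STRICT = ("default-src 'none'; script-src 'self' https://js.payments.example; "
          "connect-src 'self'; img-src 'self'; style-src 'self'; "
          "form-action 'self' https://pay.payments.example")

if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("strict", STRICT)):
        print(label, audit_csp(header) or "no findings")
```

Run it against the header your checkout page actually returns; an empty result means the four checked channels are limited to named hosts, not that the page is free of injected code.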
Magento Security Patches
SUPEE-11155, Magento Commerce 220.127.116.11 and Open Source 18.104.22.168 contain multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities.