Ian Woolley 7 March 2019

Magecart Coming out of the Shadows - How Businesses can Take Action to Protect Customers

Data breaches continue to dominate headlines and there’s no sign of attacks slowing down any time soon. Cyber-criminal groups such as Magecart are now targeting ecommerce businesses for customer credit card details. Ticketmaster has already fallen to Magecart, and other businesses could suffer the same fate.

Magecart is an umbrella term for at least seven cybercrime groups that insert malicious JavaScript into website checkout pages to collect shoppers’ card data. These attacks, known as formjacking, can be catastrophic for a business: they expose customers’ payment card details and other sensitive personally identifiable information (PII), which can attract heavy fines under GDPR and will inevitably damage customer trust.

Yonathan Klijnsma, a threat researcher who has tracked Magecart for more than a year, has described it as “the thriving criminal underworld that has operated in the shadows for years”; many e-commerce companies simply didn’t recognise Magecart – until now. RiskIQ’s Black Friday E-commerce Blacklist report found Magecart thriving, attributing at least 319,000 incidents to it in 2018.

Magecart is becoming more prolific, as shown by the alarming rate at which digital credit card skimmers are being found on e-commerce sites. What do businesses need to know about Magecart? Why are these attacks becoming more common, and what can be done to reduce the risk?

Magecart emerging from the shadows

Magecart groups are cyber-criminal gangs that target the e-commerce space by finding and exploiting known vulnerabilities, typically in unpatched e-commerce platforms such as Magento, and injecting card-skimming code into the checkout. The skimmer runs in the shopper’s browser, reads names, card numbers and security codes as they are typed into the payment form, and sends them to an attacker-controlled server, often for months before it is discovered.

This data is sold to criminal gangs on the dark web for a lucrative profit.

Traditionally, hacking groups have run generic tooling against many organisations until something succeeds. Magecart differentiates itself by opting for ‘personalised malware’: a skimmer written with a specific victim in mind, adapted to that site’s particular payment flow and page structure so that it blends in with legitimate code.

Magecart’s versatility means its attacks can also come in through third-party tools, as seen with the Ticketmaster breach, where the skimmer was delivered by a compromised customer-support script supplied by an outside vendor and loaded on Ticketmaster’s payment pages.

In the Newegg breach, by contrast, the web server itself was compromised: the skimmer was added directly to the payment page and became part of the company’s own infrastructure. This suits Magecart on two counts. First, the theft is harder for the business to spot, because nothing about the server-side transaction changes. Second, a script running in the page captures the card’s CVV, which the shopper types into the form but which merchants are not permitted to store under PCI DSS, so it cannot be obtained by breaching a database.

The stakes could not be higher for e-commerce businesses. Recently, Gemalto found that 70% of consumers would stop doing business with a company if it experienced a data breach.

Worryingly, recent Ensighten research also found that nearly half (46%) of enterprises believe they’re on the brink of a website breach.

The current landscape

Magecart’s success rests on the ubiquity of JavaScript, used by an estimated 92% of all websites in 2016, and in particular on the way third-party services are deployed onto a website: as script tags that the browser fetches from the vendor’s servers and executes with the same privileges as the site’s own code.

JavaScript also improves the customer experience, gives companies insight into how users interact with them through their digital channels, and enables performance measurement and personalised experiences. These benefits have led many sites to rely heavily on third-party JavaScript.

A high level of trust is placed in third-party scripts because they run client-side inside the page. Once loaded, a script executes in the site’s origin and can read and modify every form field, cookie and DOM element the site’s own code can, including card details as the customer types them; the browser’s same-origin policy offers no protection, because the script is part of the page. This ‘all access’ property is what attackers exploit: by compromising the vendor’s supply chain or the business’s own web servers, they get their skimmer served to every shopper.

Prevention leads to protection

Data protection laws already safeguard PII, and the onus on strengthening protection is global. With last year’s introduction of GDPR, the upcoming California Consumer Privacy Act (CCPA) and established requirements such as the Payment Card Industry Data Security Standard (PCI DSS), damage limitation and incident response planning are essential.

Only with a firm understanding of Magecart can we look at prevention to help protect businesses against the attacks associated with it. Businesses must turn their eyes inward to their organisations and security strategy.

The key to a robust website security strategy, however, is having the right controls in place to protect data across apps and websites. When a third-party script is compromised, businesses that monitor client-side behaviour and block unexpected data flows out of the page can stop the leak rather than learn about it months later.

Businesses must scan and monitor their websites to know which third-party JavaScript runs on the site, where it is loaded from and on which pages, so that a new or changed script on a payment page is noticed quickly and the required action taken. Practitioners typically back this up with a Content Security Policy that allow-lists script origins and restricts where the page may send data, and with Subresource Integrity hashes on scripts that do not change; neither replaces monitoring, since many vendor scripts change too often to be pinned. Quick identification is key, and having a prevention strategy in place will reduce the impact of any regulatory sanctions or brand damage.
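As an added example (not code from the article, and not a product of Ensighten or of any vendor the article mentions), the following Node.js script does the inventory described above and addresses the ‘all access’ problem set out under ‘The current landscape’: it lists every script tag on a constructed checkout page, resolves each to its origin, flags third-party origins that were never approved and third-party scripts that carry no SRI hash, and builds a Content Security Policy for the page from the approved origins only. Every hostname, the SRI hash value and the /csp-report endpoint are placeholders.

```javascript
// Added example, not code from the article or from Ensighten: inventory the
// <script> tags on a checkout page, flag anything unexpected, and derive a
// Content-Security-Policy for the page. Node.js standard library only, so it
// runs offline. SAMPLE_HTML is a constructed page; every hostname in it, the
// SRI hash value and the /csp-report path are placeholders.

// Constructed checkout page. The first-party origin is assumed to be
// https://shop.example; the last script tag plays the role of a skimmer
// injected from a look-alike domain nobody approved.
const SAMPLE_HTML = `
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdn.analytics-vendor.example/tag.js"></script>
<script src="https://support-widget.example/chat.js"
        integrity="sha384-PLACEHOLDERhashOfTheReviewedFile"
        crossorigin="anonymous"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
</head><body>
<form action="/pay"><input name="cc"><input name="cvv"></form>
<script src="https://shop-example-stats.example/stats.js"></script>
</body></html>`;

// One record per <script> tag: resolved origin, whether it is third-party
// relative to siteOrigin, whether it is inline, and whether it carries an
// SRI integrity attribute. A regex is enough for a tag inventory; anything
// beyond this would use a real HTML parser.
function inventoryScripts(html, siteOrigin) {
  const site = new URL(siteOrigin);
  const records = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const srcMatch = attrs.match(/\bsrc\s*=\s*["']([^"']+)["']/i);
    if (!srcMatch) {
      // Inline script: runs in the page origin and cannot carry SRI.
      records.push({ src: null, origin: site.origin, thirdParty: false,
                     inline: true, integrity: false });
      continue;
    }
    const resolved = new URL(srcMatch[1], siteOrigin);
    records.push({
      src: srcMatch[1],
      origin: resolved.origin,
      thirdParty: resolved.origin !== site.origin,
      inline: false,
      integrity: /\bintegrity\s*=/i.test(attrs),
    });
  }
  return records;
}

// Third-party origins on the page that are not on the approved list. A new
// origin appearing on a payment page is what a server-side skimmer
// injection looks like from the outside.
function findUnexpectedOrigins(records, approvedOrigins) {
  const approved = new Set(approvedOrigins);
  return records
    .filter((r) => r.thirdParty && !approved.has(r.origin))
    .map((r) => r.origin);
}

// Third-party scripts without an SRI hash: if the vendor's copy is tampered
// with, the browser still runs it. Vendor scripts that change constantly
// cannot be pinned this way and need monitoring instead.
function findUnpinnedThirdParty(records) {
  return records.filter((r) => r.thirdParty && !r.integrity).map((r) => r.src);
}

// A CSP for the checkout page built from the approved origins only.
// script-src has no 'unsafe-inline', so an injected inline skimmer is
// refused; connect-src, img-src and form-action are limited to 'self'
// because a skimmer has to send the captured card data somewhere, and
// fetch/XHR, image beacons and form posts are the usual channels. Any
// payment-provider endpoint or iframe the page genuinely uses must be added.
function buildCheckoutCsp(approvedOrigins) {
  const scriptSrc = ["'self'", ...approvedOrigins].join(' ');
  return [
    "default-src 'self'",
    `script-src ${scriptSrc}`,
    "connect-src 'self'",
    "img-src 'self'",
    "form-action 'self'",
    'report-uri /csp-report', // placeholder reporting endpoint
  ].join('; ');
}

const records = inventoryScripts(SAMPLE_HTML, 'https://shop.example');
const approved = ['https://cdn.analytics-vendor.example',
                  'https://support-widget.example'];
console.log('inline scripts:', records.filter((r) => r.inline).length);
console.log('unexpected origins:', findUnexpectedOrigins(records, approved));
console.log('third-party without SRI:', findUnpinnedThirdParty(records));
console.log('Content-Security-Policy:', buildCheckoutCsp(approved));
```

Run it with `node` as is. In practice the inventory is taken from each checkout page on a schedule and diffed against the last approved list, because a Newegg-style injection is invisible to a one-off review carried out before it happened.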

If 2018 was Magecart’s coming out party, 2019 is the year the e-commerce industry strikes a blow against the group’s activities. These relatively simple measures could be the difference between a thriving business and one facing debilitating GDPR and PCI DSS sanctions.
