Join me to learn more about Magecart attacks - and how to defend against them

Register for a free webinar discussing the alarming rise in Magecart, and how it can be countered.

Join me to learn more about Magecart attacks - and how to defend against them

If you have been following the security headlines in the last year you cannot fail to have noticed the alarming rise in reports of Magecart.

Magecart is a family of Javascript malware, used to skim credit card data and personal information from innocent internet users as they interact with websites.

Traditionally malware infects users’ computers, opening backdoors through which hackers can remotely access files, steal resources, or spy on their victims.

In a typical data breach, hackers break into company servers, access databases and steal large amounts of information - perhaps including encrypted passwords, email addresses, telephone numbers, and maybe even limited financial information.

CVVWhat you don’t normally see in a data breach, however, is full payment card information stolen.

That’s because most companies don’t store your full credit card details - such as your CVV security code. If they did, data breaches would be much more serious, as it would be easier for hackers to monetise the data that they’ve stolen.

What’s so dangerous about Magecart’s attacks are that it doesn’t matter that a company hasn’t stored your credit card details.

A Magecart attack doesn’t have to break into your customer database. Instead, its malicious script lurks on a company’s website watching the information entered by customers as they checkout from your online shop, and skimming it away.

Typically the malicious code will be hosted on a third-party site, and the webpage’s HTML source code will just contain a single reference running the dangerous script.

In the past six months there have been numerous companies impacted by Magecart, including Ticketmaster, British Airways, Feedify, Umbro, Vision Direct, Newegg… the list goes on and on.

Magecart timeline

Hundreds of millions of customers have been affected. And if you operate a website today, you are most likely susceptible to this type of attack.

So, what are you going to do about it?

Join me on a webinar

You can hear me talk more about the threat posed by Magecart, and hear about the pros and cons of different ways to defend against the threat, in a webinar I am speaking at with the experts from Source Defense.

    Title: Mitigating Magecart Attacks – Why Real-Time Prevention Is Your Best Option
    Date: Wednesday, February 27, 2019
    Time: 12:00 PM Eastern Standard Time
    Duration: 1 hour

Register now, and learn more about these browser session attacks that can silently skim payment data and personally identifiable information. If you can’t attend the webinar “live”, register anyway and I’m sure they’ll send you a link to the recording afterwards.

I’m looking forward to it, and hope to see some of you there.

Tags: ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts


No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.