Join me to learn more about Magecart attacks – and how to defend against them

Graham Cluley

Join me to learn more about Magecart attacks - and how to defend against them

Join me to learn more about Magecart attacks - and how to defend against them

If you have been following the security headlines in the last year you cannot fail to have noticed the alarming rise in reports of Magecart.

Magecart is a family of Javascript malware, used to skim credit card data and personal information from innocent internet users as they interact with websites.

Traditionally malware infects users’ computers, opening backdoors through which hackers can remotely access files, steal resources, or spy on their victims.

In a typical data breach, hackers break into company servers, access databases and steal large amounts of information – perhaps including encrypted passwords, email addresses, telephone numbers, and maybe even limited financial information.

CVVWhat you don’t normally see in a data breach, however, is full payment card information stolen.

That’s because most companies don’t store your full credit card details – such as your CVV security code. If they did, data breaches would be much more serious, as it would be easier for hackers to monetise the data that they’ve stolen.

What’s so dangerous about Magecart’s attacks are that it doesn’t matter that a company hasn’t stored your credit card details.

A Magecart attack doesn’t have to break into your customer database. Instead, its malicious script lurks on a company’s website watching the information entered by customers as they checkout from your online shop, and skimming it away.

Typically the malicious code will be hosted on a third-party site, and the webpage’s HTML source code will just contain a single reference running the dangerous script.

In the past six months there have been numerous companies impacted by Magecart, including Ticketmaster, British Airways, Feedify, Umbro, Vision Direct, Newegg… the list goes on and on.

Magecart timeline

Hundreds of millions of customers have been affected. And if you operate a website today, you are most likely susceptible to this type of attack.

So, what are you going to do about it?

Join me on a webinar

You can hear me talk more about the threat posed by Magecart, and hear about the pros and cons of different ways to defend against the threat, in a webinar I am speaking at with the experts from Source Defense.

    Title: Mitigating Magecart Attacks – Why Real-Time Prevention Is Your Best Option
    Date: Wednesday, February 27, 2019
    Time: 12:00 PM Eastern Standard Time
    Duration: 1 hour

Register now, and learn more about these browser session attacks that can silently skim payment data and personally identifiable information. If you can’t attend the webinar “live”, register anyway and I’m sure they’ll send you a link to the recording afterwards.

I’m looking forward to it, and hope to see some of you there.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.