<img alt="" src="https://secure.wait8hurl.com/197508.png" style="display:none;">
Magecart Attacks
Back to articles
July 01, 2020

What are Magecart Attacks and How Can You Protect Your Business?

Piers McEwan
Piers McEwan
Content writer at Vaimo
Magecart Attacks

It’s the hot topic on the lips of professionals in the cybersecurity and eCommerce space. And it’s growing—by 20% amid the COVID-19 crisis—hurting businesses and customers alike. But what is Magecart? What are Magecart attacks? And how can you protect your business from this cyber threat?

In this article, we’ll get you up to speed on your eCommerce site’s biggest threat and how you can defend against it.

What is Magecart?

Magecart is the name given to a global consortium of at least 8 criminal organisations behind the world’s largest cyber attacks. Also known in the tech landscape as front-end attacks, they're better known as Magecart attacks. 

These attacks use the client-side browser to access any information entered by a customer. The attacks target sensitive customer data (email addresses, passwords and credit card numbers) by injecting malicious Javascript code.

Worryingly, Magecart can even inject brand new fields into a form to collect more information. Customers have no way of knowing that they’re visiting a compromised page, while businesses usually only find out about the change months after the damage has occurred.

Magecart attacks can also target a company’s 3rd party providers. In today’s competitive eCommerce environment, a significant proportion of client-side code consists of third-party scripts to provide the best customer experience possible. These bring huge benefits in that sites are cheaper and faster to develop. However, it also means that website owners are not in complete control of the entire code. A website may have code from 30 different parties that have the same privileges as the owner’s code.

Add in the fact that online shopping is at its highest level ever (particularly in the wake of COVID-19) and you have the perfect breeding ground for Magecart attacks.

How do Magecart Attacks work in Practice?

The Magecart victim list reads like a who’s who of some of the world’s leading brands. Key to note is also the diversity of industries that have been targeted. This highlights the danger of Magecart to all businesses.

Let’s dig into some recent high profile examples:

  1. One of the largest spikes in Magecart instances came in 2018 when Ticketmaster announced that payment information had been stolen from its various websites. Research from RiskIQ found that the breach was a result of Magecart operatives placing skimmers on checkout pages through third-party suppliers. They also attacked third-parties themselves which gave access to over 800 eCommerce sites.
  2. Just in the last week, researchers have warned that the websites of 8 US cities were compromised with card detail-skimming software. In this example, the skimmer only targets payments made through Click2Gov (a self-service portal used to pay utility bills and parking fees). In this case, attackers were targeting credit card details along with name and contact address.
  3. In February 2020, RiskIQ found that Magecart Group 8 had placed a JavaScript skimmer on NutriBullet’s international website to steal credit card information. Despite efforts to remove the skimmer, new versions of it kept appearing, compromising the site for nearly a month.
  4. Airline giant British Airways was targeted in 2018 with the details of nearly 400,000 customers breached. The Magecart attack affected payments on its main site and mobile app between August 21st 2018 and September 5th 2018. As a result, BA was hit with a record £183m GDPR fine after failing to prevent the attack.
  5. Magecart also arrived in the magazine industry with an attack on Forbes. In this instance, attackers injected web-skimming scripts into the subscription website for the Forbes print magazine. Customers that thought they were signing up to get Forbes delivered to their door were delivering their sensitive information straight into the hands of hackers.

This handful of examples shows the extent and potential devastation of a Magecart attack. And as previously discussed, with the increase in online shopping, they’re showing no signs of slowing down. A recent report from RiskIQ has identified a new Magecart group named ‘MakeFrame’ given its ability to make iframes for skimming payment data. To date, this strain of Magecart attack has been found on 19 different sites.

Listen in to hear how the COVID-19 pandemic is fuelling a surge in cyber attacks and what you can do to mitigate against the risk. 
COVID-19 Cybersecurity

The Impact of Magecart Attacks

  • Reputational damage: When it’s customers’ credit card information and personal details at stake, a Magecart attack can be a crushing blow to any business. In the mind of a customer, if they see that your site has been compromised (no matter how long ago), that thought stays with them forever. As we saw in the NutriBullet example, one skimming attempt simply led to another. This recurring nature of Magecart attacks will have customers exiting your site as soon as your business is mentioned in the same sentence as ‘Magecart’.
  • Financial loss: once you’ve lost customer trust then next up is the subsequent impact on your bottom line. Whether it’s due to decreased footfall on your site or because you’re unable to transact while an incident is investigated, Magecart attacks can spell the end of your business.
  • Regulatory issues: it’s not just customers that could drive you out of business after an attack. As seen in the case of British Airways, regulatory and legal ramifications could wipe your business out. And if they don’t, then a fine feeds back into point one—more reputational damage.

How Can you Prevent Magecart Attacks?

The first line of defence against Magecart (or any other cyber-attack) is your people and organisation. In our earlier article, we walked through some of the steps your business needs to take to keep security top of mind to mitigate against attacks. See the article for the full plan, but here are some of the headings to keep in mind:

  • Foster a culture of cybersecurity, where you encourage and incentivise employees to follow good security practices from their first day on the job.
  • Develop security governance documentation, including security policies and a response plan should the worst happen.
  • Invest in employee training so that security is a regular part of your culture. This shouldn’t be a tick box exercise done once a year for those that can make the one session you hold.
  • Make sure that your software, hardware and tools are patched and up to date. And if your employees use their own devices at work, then make sure that these are held to the same standards and that they follow security policies.

Human error accounts for a huge proportion of data breaches. Learn more about educating your employees to keep your business secure.
Cybersecurity Education


Protect Against Magecart with Vaimo’s Data Breach Monitoring

Following the above steps are crucial in keeping you and your customers safe. But as we’ve seen, Magecart attacks present a new and complex set of challenges.

  1. They are almost impossible to detect with the naked eye.
  2. Given point 1, they can take months to detect, by which time your site is already compromised.
  3. Even when removed, malware might not be secured, meaning it can get back into your online store (as seen with Nutribullet).

To halt Magecart attacks in their tracks, you need to leverage digital security technologies. Vaimo’s Data Breach Monitoring Tool detects when your site has been compromised and immediately alerts Vaimo and yourself to take action. It does this by running scripted user journey tests at regular intervals during the day and comparing all the outgoing server addresses to the whitelisted addresses on your site. As a result, you can reduce the possible impact caused by a breach to minutes instead of days, weeks or even months.

You can either read more about data breach monitoring tool here or watch a webinar to understand how does it help to protect your company against data breaches.

Olga Gutenko

OLGA GUTENKO

BUSINESS DEVELOPMENT MANAGER FOR SECURITY

Any questions? Feel free to reach out to me directly! 

E: olga.gutenko@vaimo.com 

Let's talk through your options

Get in touch with our team today if you’d like to learn more about safeguarding the digital security of your business and your customers with our Data Breach Monitoring Tool.