Go to listing page

Over 10,0000 eCommerce Sites Fall Prey to Magecart Attacks

Over 10,0000 eCommerce Sites Fall Prey to Magecart Attacks
The payment card fraud market was greatly impacted by various disruptions in 2022, one of which was the widespread use of Magecart e-skimming. According to a recent report, this type of attack infected nearly 10,000 different eCommerce websites at some point during the year.

Some stats your way

  • Nearly 60 million compromised payment card records were posted for sale on dark web platforms in 2022, of which 45.6 million were classified as Card-Not-Present (CNP), meaning they were obtained during online eCommerce transactions.
  • Another 13.8 million Card-Present (CP) payment card records were also offered for sale on dark web carding shops.
  • Recorded Future identified 1,520 unique malicious domains involved in the infection of 9,290 unique eCommerce websites at some point during the year.
  • Full Primary Account Numbers (PANs) for at least 20.5 million compromised payment cards were posted in plaintext or as images on various resources such as dark web forums, pastebins, and social media.
  • Twenty-one card checker services were found to have abused 2,953 unique merchants associated with 660 unique Merchant Identification numbers (MIDs) for illicit card checks.

Discovery of new attack vector

Researchers studied a malware server of a Magecart campaign that used the HTTP referrer header in requests to restrict the download of malicious scripts.
  • Attackers injected links to malicious JS files into the eCommerce shops, but the server hosting these files only sent the malicious scripts when:
  • HTTP referrer headers were present; and
  • their value reflected the infected eCommerce websites.
  • This technique was likely designed to impede security analysts during mitigation efforts.

In addition to that, they continued to exploit Google Tag Manager containers during the year, which is a legitimate web service used for marketing, collecting website usage metrics, and tracking customer online behavior. Over 890 eCommerce domains were infected by these Magecart variants.

The bottom line

The payment fraud process is similar to a functioning market with supply chains, exchanges between buyers and sellers, and other services. High levels of organization in this market increase the chances and impact of card fraud, but also provide a wealth of data. To prevent fraud, researchers recommend companies involved in card issuing, acquiring, and merchant services should use threat intelligence and implement proactive measures.
Cyware Publisher

Publisher

Cyware