Light Dark
January 14, 2020 By David Bisson 2 min read

A website set up to collect donations for the Australian bushfires suffered a Magecart credit card skimming attack.

According to Bleeping Computer, digital attackers used a Magecart credit card skimming script to compromise a website that’s collecting donations for the Australian bushfires. The attack caused a malicious skimmer called ATMZOW to activate whenever a visitor to the site added an item such as a pre-determined donation amount to their cart and proceeded to checkout. When a visitor submitted their payment card credentials, ATMZOW stole the submitted information and exfiltrated it to vamberlo[.]com.

Malwarebytes researchers detected the attack and succeeded in shutting down vamberlo[.]com. This action freed individuals to begin using the site again without fear of having their payment card credentials compromised. Even so, the security firm’s researchers noted that those actors responsible for the attack could reactivate their skimmer by modifying it to work with another domain.

The Growing Threat of Magecart

The compromise described points to the growing threat of Magecart attacks. In October 2019, RiskIQ provided a glimpse into the state of Magecart. The security firm found that 17 percent of malvertisements contained Magecart skimmers and that these scripts, once activated, tended to remain active anywhere from 22 days to many years on the breached sites.

It’s no surprise that the FBI issued a warning about web skimming to small- and medium-sized businesses just a few weeks later in response. Not long thereafter, Malwarebytes observed that malicious actors had begun outfitting their Magecart skimmers with new evasion techniques to make detection of their compromises even more difficult.

How to Defend Against a Credit Card Skimming Attack

Security professionals can help defend their organizations against credit card skimming attacks by adopting a zero-trust model with JavaScript/JScript. Doing so will help block access to sensitive data in web forms commonly found in websites’ checkout processes. Security teams should also avoid third-party code, use extension blacklists and follow other Magecart mitigation tips.

 

 |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

December 19, 2024

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

December 19, 2024

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature