December 14, 2018 By Shane Schick 2 min read

An online retailer was hit by a JavaScript attack from a group associated with Magecart, a collective of cybercriminals that specializes in skimming credit card numbers from compromised websites, according to malware researchers at BroadAnalysis.

BroadAnalysis did not reveal the name of the online retailer in question, but posted a series of screenshots that showed the network traffic, index page and four different sniffer scripts used in the attacks. These included an exfil script, a loading script and a base64 string that linked the compromised site and stolen payment credentials back to the threat actor’s site.

The JavaScript attack is typical of Magecart, which has been linked to similar attacks aimed at e-commerce platforms such as Magento and OpenCart.

Skimming at Sotheby’s and Others

The discovery of the four different credit card skimmers comes less than a month after the auction house Sotheby’s sent a statement to several IT security publications about a similar Magecart attack against its Sotheby’s Home website (formerly Viyet) discovered in early October. The firm warned that the JavaScript attack may have been running and stealing customer payment data since March 2017.

Another security research report, meanwhile, suggested that a Magecart group has evolved its use of skimming tools to not only steal customer credit card data, but also website administrator credentials. This involves adding other keywords into the skimmer code to look for admin logins and passwords as well as the payment forms on e-commerce sites. Researchers discovered the technique in the analysis of a skimming campaign against an optical retailer’s e-commerce site.

How to Protect Your Organization From a JavaScript Attack

Although Magecart attacks can happen at any time, retailers should be particularly vigilant about this sort of JavaScript attack as more consumers turn to online purchases during the busy holiday shopping season.

Defending against this kind of threat starts with applying common best practices, such as limiting access and privileges for critical systems and hardening underlying web servers. Beyond that, organizations should also deploy change monitoring and detection technologies that can alert security teams of unusual activity, such as a change in their e-commerce web pages.

Sources: BroadAnalysis, SC Magazine, RiskIQ

More from

ONCD releases request for information: Open-source software security

3 min read - Open-source software is a collective partnership across the development community that requires both private and public buy-in. However, securing open-source software can be tricky. With so many different people working on the coding, security measures are often overlooked, increasing the chances that a vulnerability will fall through the cracks and be exploited. The Open-Source Software Security Initiative (OS31) aims to provide governance over open-source security processes. After the Log4Shell vulnerability, securing open-source software became a top priority for the federal…

How cyber criminals are compromising AI software supply chains

3 min read - With the adoption of artificial intelligence (AI) soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important.Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in open-source repositories like Hugging Face and GitHub. The group, claiming to be a hacktivist organization motivated by an anti-AI cause, specifically targets these resources to poison data sets used in AI model training.No matter whether you use…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today