[BreachExchange] Magecart Blitz Stuns 962 E-commerce Sites in 24 Hours

Destry Winant destry at riskbasedsecurity.com
Wed Jul 10 09:46:43 EDT 2019


https://www.infosecurity-magazine.com/news/magecart-blitz-stuns-962-ecommerce/

Security researchers have discovered another major digital skimming
campaign, this time compromising over 960 e-commerce sites in just a
day.

Sanguine Security, which produces a malware scanning tool for popular
e-commerce software platform Magento, revealed the findings in a tweet
on Friday.

It described the discovery as “the largest automated campaign to date”
– with 962 sites infected with the infamous Magecart code.

That’s far higher than the previous number of 700 online stores and
indicates a highly automated operation, as the attacks happened in a
24-hour period with victims located around the world.

It’s believed the attacks could be the result of hackers exploiting a
vulnerability in Magento.

In March, for example, a critical SQLi flaw was revealed which allows
for remote code execution. Although it was patched by the vendor, it
may still be exposing countless organizations to the risk of attack.

The destructive power of Magecart has been plain to see over recent
months. Just today, airline BA was fined over £183m for failing to
protect its web infrastructure from a Magecart attack last year,
leading to the compromise of personal data on around 500,000
customers.

Multiple attack groups are known to be using the JavaScript skimming
code: some work to target individual sites directly, such as the
attacks on BA and US e-commerce firm Newegg, while others compromise
supply chain partners.

The latter appears to be what happened here, with a possible Magento
flaw providing simple access for attackers to hundreds of sites
running the insecure version of the CMS software.

Sanguine Security has published the new version of the skimming code
on GitHub Gist, although confirmed details on how this most recent
attack worked have yet to emerge.

