Top online skimming scams, Magecart campaigns have emerged yet again – this time exposing internet transactions at over 300 restaurants – highlighting that this form of digital payments attack is likely to increase as online shopping is increasing and the reach of authors is increasing. .
At least two “separate, ongoing Magecart campaigns injected e-skimmer scripts into restaurant online ordering portals using three separate platforms, MenuDrive, Harbortouch, and InTouchPOS,” according to a July 18 post from Insikt Group, the threat research division for Recorded Future. These “points of sale” and online ordering platforms handle payments for thousands of e-commerce businesses, including hundreds of small local restaurants and take-out food deliveries. Researchers have estimated that at least 311 restaurants have recently been “infected with Magecart e”. -skimmers, a number that is likely to grow with further analysis,” according to the Insikt Group post.
“This Magecart attack on 300 US restaurants is another example of the persistent challenges e-commerce businesses face when securing their sites,” said Kim DeCarlis, chief marketing officer at cybersecurity firm PerimeterX. “Sophisticated attackers understand that websites are made up of a supply chain of code, many of which come from third or nth parties, and will continue to look for ways to steal credit card information by installing skimmers on site and abusing vulnerable code.”
The traditional card skimmer plagued the finance and payments industries for decades – long before e-commerce took off. In the real world of card skimming, financial fraudsters connect an overlay to physical card readers at ATMs or point-of-sale terminals. When an unsuspecting cardholder swipes or dunks their credit or debit card, the fake reader collects all payment data and the PIN, which the thieves then use to make their own fraudulent purchases or sell on the dark web . In recent years, online skimming has become an even more threat, especially as online shopping has exploded in the wake of COVID, retail store closures and expanded internet payment options.
Credit card skimming is transforming in the digital age
Much like their real-world card-skimming counterparts, online skimming groups like those behind Magecart “infect e-commerce websites with e-skimmers to steal payment card data, billing information and personally identifiable information (PII) of online shoppers”. by message from the Insikt group. Online skimmers have been around since the early 2000s; and the so-called “Magecart” coalition of threat actors that has largely focused on skimming online payments was first spotted at least six years ago.
According to Erfan Shadabi, cybersecurity expert at data security firm comforte AG, attacking food delivery services – or, more specifically, their online payment providers and transaction platforms – has become an “increasing trend”. most common” for cyber skimmers.
“Digital credit skimming has undergone a significant transformation since researchers began tracking the phenomenon in the early 1920s,” according to a May blog post from RiskIQ, which noted how the market for such players of the threat has grown considerably.
Data-centric protection needed to guard against skimming
Shadabi said, “Companies in these industries need to apply data-centric protection to all sensitive data in their ecosystem. [including] PII, financial and transactional data as soon as it enters the environment and protects it even when employees are working with this data. »
By “tokenizing any PII or transactional data,” payment platforms can protect sensitive information and preserve the original data format, “making it easier for commerce applications to support tokenized data in their workflows. “, added Shadabi. “They also need to review their enterprise backup and recovery tactics to ensure they can recover quickly if hackers manage to break into their environment and encrypt their enterprise data.”
These online skimming attacks represent yet “another example of the lifecycle of a web attack: the cyclical and continuous nature of cyberattacks, where a data breach on a site, perhaps as a result of an attack Magecart, powers carding, credential stuffing, or account takeover on another site,” according to DeCarlis.
Given the risks of Magecart and digital supply chain attacks in general, DeCarlis also recommended that e-commerce businesses, such as restaurants, food delivery companies and their payment providers “deploy solutions layers that help protect the account and identity information of users anywhere in the world”. their digital journey.