Magecart have gotten smarter with their global card-skimming tactic

January 7, 2019

In the wake of the hacking of Ticketmaster UK’s website by the infamous Magecart threat group just weeks ago, researchers have discovered how the group managed to pull off what is no easy feat: by hacking Ticketmaster’s third-party suppliers first.

Magecart have already attacked over 800 e-commerce sites to date, and a huge number of those attacks can be credited to this credit card skimming strategy. The group injects a malicious digital card skimmer into the source code of third-party suppliers, a tactic known as a supply chain attack.

Once the third-party supplier is unknowingly infected with the credit card skimmer, the skimmer travels on to its corresponding destination. That’s what happened to Ticketmaster UK when its supplier, Inbenta Technologies, got hacked. No matter how strong a security net the Ticketmaster website has, it will still allow its third-party partner onto its database. Unfortunately for Ticketmaster, Inbenta Technologies was already infected, and the infection carried on to Ticketmaster UK.

Targeting suppliers is easier, and reaches far more victims, than painstakingly hacking through a single well-guarded website. After all, a third-party supplier usually provides web services to many different websites simultaneously. Just attack one, and you get several websites: that’s how Magecart think nowadays. They also understand that top websites can’t easily ditch their third-party partners. They need them. Part of a website’s customer-journey appeal comes from the useful, state-of-the-art web interface that it bought from a third-party supplier. Ditching that supplier simply means a plummet in customer experience quality.
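One way a site owner can keep track of the supplier scripts a page loads, as an added example that is not from the original article: it lists third-party `<script>` tags that carry no Subresource Integrity pin and flags pinned scripts whose currently served content no longer matches the pin. The hosts, page and script bodies are constructed, and `audit_page` with its `current_bodies` argument is a hypothetical helper.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

def sri_sha384(body: bytes) -> str:
    """Return the Subresource Integrity value (sha384) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode("ascii")

class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script src=...> tag in a page."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def audit_page(html: str, site_host: str, current_bodies: dict) -> list:
    """Return (src, finding) for each third-party script that is unpinned,
    unverifiable, or no longer matches its integrity pin."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src).hostname
        if host is None or host == site_host:
            continue  # relative or first-party URL: not supplier code
        body = current_bodies.get(src)  # bytes the supplier serves right now
        if not integrity:
            findings.append((src, "no integrity pin"))
        elif body is None:
            findings.append((src, "pinned but not fetched"))
        elif sri_sha384(body) not in integrity.split():
            findings.append((src, "content changed since pin"))
    return findings

# Constructed sample data: one first-party script, one pinned supplier, one unpinned.
SITE = "shop.example"
WIDGET_URL = "https://cdn.supplier-a.example/widget.js"
CLEAN = b"function chat(){/* supplier widget */}"
TAMPERED = CLEAN + b"/* code appended after the pin was made */"
PAGE = f"""<html><head>
<script src="/static/app.js"></script>
<script src="{WIDGET_URL}" integrity="{sri_sha384(CLEAN)}" crossorigin="anonymous"></script>
<script src="https://cdn.supplier-b.example/analytics.js"></script>
</head></html>"""
```

Browsers enforce a present `integrity` attribute themselves by refusing to run a mismatching script; the audit covers the scripts that have no pin and gives early notice when a pinned file changes upstream.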

Other hacked third-party suppliers were PushAssist and AnnexCloud, both of which are analytics firms. The marketing firm Clarity Connect was compromised as well.

Ross Brewer of LogRhythm once said that you are only as strong as your weakest link. The remark underlines the critical importance of third-party suppliers’ security. Any defensive wall a website has in place is rendered useless if this warning is not taken seriously. Businesses should remember to always take care of and secure their third-party suppliers.
