Numerous e-commerce websites vulnerable to Magecart attacks

January 4, 2022

A recent barrage of attacks by Magecart threat actors has revealed multiple critical vulnerabilities in e-commerce sites and applications, showing that these websites' defences are inadequate against Magecart attacks.

Experts found about 30,000 vulnerabilities in existing websites that leave them prone to Magecart attacks. Another 10,000 active sites are still in danger should an attack occur. The research also found lapses at companies, revealing security flaws along the supply chains that lead to their clients.

Organisations in sectors such as energy, retail, healthcare, and banking were the most vulnerable to, and the most exploited by, Magecart attacks.

About a thousand e-commerce sites are prone to Magecart attacks that leak sensitive customer data, which can lead to multiple skimming attempts. Organisations have implemented anti-Magecart defences, but threat actors may still be able to bypass them. Further problems arose when vendors of specific infrastructure were attacked by Magecart but did not report the problem promptly.

A vendor that fails to disclose vulnerabilities or attacks exposes its customers to greater risk of data breaches and web skimming. Shoppers and online vendors are both affected, since skimming attacks are their most significant threat. The research also revealed that most companies are ill-equipped to handle the Magecart threat and to identify the flaw that threat actors used to initiate an attack. Organisations are still struggling to find a better way to mitigate the effects of Magecart.

An attack was recently discovered against several warehouses based in Chicago, Illinois. It resulted in five payment card skimmers in four warehouses. Although fewer than 500 clients were affected by the breach, the threat actors could still have obtained their credentials, such as ATM cards, bank details, and names.

Preventing Magecart attacks requires security defences that constantly evolve. Companies, enterprises, and organisations should continually monitor for and implement new strategies that detect skimmers and negate incoming attacks efficiently. Although third-party risk management is an essential step, it is not enough on its own to fend off attacks, so the right course is to improve detection and block malicious activity.
