The largest pathologist community in the world uncovered a different kind of disease lurking on their online store. A few days ago, the American Society for Clinical Pathology (ASCP) confirmed that they could see evidence of cyber disease compromising their website. The unravelled nasty thing can steal payment card information that their customer used to transact or order on their store. The information that might be stolen includes all pertinent information on the card – account number, card numbers, expiration date, and more importantly, the CVV.
Upon learning of the intrusion on their website, ASCP immediately contacted relevant authorities to assist them in the current situation. The in-depth analysis confirmed that the attack may have been started between the dates of March to November of 2020. The initial report confirmed that they could not see any misused card payment details from possible affected customers. Proactively, they have already issued a notification to their customers that vital information may have been compromised in transacting orders from their website. In addition to their released official statement, the intrusion has already been addressed with a given assurance that they have already implemented a more sophisticated security service to monitor their website to avoid a future breach.
Along with the given notification sent to their customers that their data may have been exposed, ASCP customers were advised to immediately report the incident to their card provider to get more relevant assistance to avoid misuse of their card. Here they may opt to have a new card be issued to them. Else, impose a credit watch to alert the card owner of any transaction when the card details are used. They also provided relevant credit safety company contact for other options. The customer can report possible identity theft or card misused to avoid paying for unauthorized use of the card.
Deeper into the investigation confirmed that the evidence and modus of operation (MO) that attacked the ASCP online store points to the adversary, Magecart group.
The group is a well-known adversary that attacks different online stores, especially those under the small and medium businesses category. ASCP’s online security is very vulnerable as they cannot pay a more sophisticated security software. Magecart group can inject malicious code or compromise an online store to capture card information when a user enters the details on the check out page. The stolen information will then be delivered to the adversary to their secure and untraceable database or encrypted information that they can only decrypt to avoid security software that can analyze such MO.
Relevant authorities and cybersecurity groups have already warned many online businesses about the Magecart activities and explicitly provides an immediate update on the group activities as soon as they expose it ever since Magecart became a notorious cybercriminal group. This is to give awareness to everyone and avoid possible intrusion. They also advised site administrators to ensure relevant security and software updates. Monitoring services must be appropriately planned out and executed to ensure that malicious code injection or the site being compromised can be avoided or be dealt with immediately and prevent further abuse to save the business.