Another Magecart Attack – and it Won’t Be The Last…


Ted McKendall

The security of online stores is under threat like never before. The recent theft of payment details from more than 200 online stores used by US and Canadian colleges and universities has been revealed to be the latest in what security researchers believe to be an increasing trend of JavaScript card skimming attacks.  

In April, hackers modified the North American campus e-commerce platform, PrismWeb, injecting malicious JavaScript code into the checkout and payment pages of 201 of its online stores, where the code was able to record users’ payment card details.

This incident is the latest example of what security experts refer to as a Magecart attack, and follows similar attacks on British Airways, Ticketmaster and, more recently, US-based gardening supplier AeroGrow. Worryingly, however, at the same time as these types of attacks appear to be proliferating, it’s becoming harder to identify the perpetrators that carry them out.   


Diversity and Anonymity  

When Magecart attacks first began back in 2015, they were initially only used to target stores based on the widely used open-source Magento e-commerce platform. Now, though, it looks as if no online shopping platforms are safe. A recently published report identified a number of Magecart attacks against sites using the less well-known OpenCart and osCommerce online store management solutions, while a separate report highlighted ongoing attacks against sites based on the Shopify and WooCommerce platforms. One multi-functional script was found to have been coded to collect data from an incredible 57 different payment platforms.

What’s more, many of the Magecart groups behind these attacks are no longer focusing simply on the stores themselves, and have expanded their efforts to target the supply chain of third-party widgets, plug-ins and analytics providers these stores use.  

And it’s becoming harder to find the criminals responsible for these attacks. Where once they could be traced to one particular Magecart group or set of groups, the availability of Magecart skimming kits on the Dark Web means one attack will look very much like another. Without an identifiable signature, these attacks offer security researchers very little clue as to who’s behind them.


Maintaining Trust 

Magecart attackers have significantly broadened their scope in the five years since they began their operations, and will not hesitate to exploit any vulnerability that will allow them to hack into a site’s checkout page. And when the black market value of payment details collected from an online store is almost on a par with those skimmed from ATMs, we’re unlikely to witness a reduction in the frequency of these attacks. If anything, the number will continue to grow, with experts predicting that the technique will soon be used to collect more than just payment details, expanding to include additional sensitive – and valuable – information such as a user’s login credentials.

Trust matters in e-commerce. Without it, customers will take their business elsewhere. According to a recent survey, 62 percent of consumers have started to purchase an item online only to abandon the transaction due to concerns over security. That’s a lot of products left sitting in baskets that might then have been purchased elsewhere.

To maintain this trust, and to retain their customers, online retailers must do what they can to protect those customers from any criminal activity that threatens the security of their payment information.  Trusted Knight’s Protector Air is a cloud-based solution, invisible to the end-user, that’s injected seamlessly into every transaction request, thwarting any attempts to steal that information.  
