Deep-dive: The Magecart Collective
The Magecart collective is made up of many distinct cybercriminal groups that strategically insert credit card skimming code onto compromised e-commerce websites, at an unprecedented rate and with frightening success. Magecart achieved infamy after two data heists, from Ticketmaster and British Airways. Hundreds of thousands of customers’ card payment information had been lifted via a few lines of JavaScript code injected onto the pages where customers fill out their credit card numbers (Figure 1).

Magecart attacks are designed to evade detection systems such as web application firewalls (WAFs), antivirus solutions, and traditional firewalls by executing their inserted code in the browser. The attack works by compromising third-party services, such as Amazon Web Services (AWS), shopping cart software, and WordPress plugins, among others, to insert the code onto the page where customers fill out their credit card information. This inserted code is usu