Posts

Showing posts from January, 2020

Deep-dive: The Magecart Collective

Image
The Magecart collective is a myriad of distinct cybercriminal groups which are strategically inserting credit card skimming code on to compromised e-commerce websites, at an unprecedented rate and with frightening success. Magecart achieved infamy after two data heists from Ticketmaster and British Airways. Hundreds of thousands of customers’ card payment information had been lifted via a few lines of JavaScript code injected onto the pages where customers fill out their credit card numbers. (Figure 1) Figure 1 Magecart attacks are designed to evade detection systems like a web application firewall  (WAF), antivirus solutions, and traditional firewalls, by executing their inserted code in the browser. This attack works by compromising third-party services, like Amazon Web Services (AWS), shopping cart software, and WordPress plugins among others to insert their code on to the page where customers fill out their credit card information.  This inserted code is usu

Hello World!

Image
I created this blog to improve my writing and enhance my researching skills. I hope to write several blog posts based on the current threat landscape. My current job description includes cyber threat intelligence analyst, dealing with phishing and typosquatting, vulnerability assessments, OSINT investigations, penetration testing, and malware analysis. I have a tried and tested writing framework which has been reliable for reporting and analysis so far. Some of the topics I initially aim to cover includes: - The Magecart collective - The Lazarus Group - Emotet, TrickBot, and Ryuk Analyse the threat: - Introduce your topic with the what, where, when, who, how? - So what does this mean and why? (provide analysis) For any kind of new malware/threat I will: - Attach IOCs (Indicators of Compromise) - Provide Mitre ATT&CK framework TTPs The fun part is researching, but the writing is what matters. GitHub Repo:  https://github.com/BushidoUK Twitter:   https://