Showing posts from August, 2020

Analysis of a recent Magecart campaign

On 13 March, SanSec disclosed a new Magecart domain used to host malicious JavaScript (.js) files that collect credit card information from ecommerce site checkout pages. The site (jquerycdn[.]at) that hosted the scripts was present on at least 299 different victim stores. The most commonly attacked platform is the Magento 1 ecommerce platform. Notably, support for Magento 1 ended on 30 June 2020, meaning that it will no longer receive security updates.

How does the web skimmer work? “Web skimmers are loaded on the checkout page of a typical store. It lives in the browser of an unsuspecting online customer. Whenever he or she enters her payment information, the private data is siphoned off to an offshore server. Usually, this data is then sold on the dark web within 2-10 weeks.” - SanSec.

In this blog, I analysed the JavaScript skimmers connected to jquerycdn[.]at in an ongoing campaign: knockout-fast-foreach.js 46fa357596e58272e6e2865c8b80bb96eb910c577267ce64bcada714c8eefdff jqu

My first year in Cyber Threat Intelligence

As of 1 August, I have been working in the cyber threat intelligence industry for one whole year. It has been a steep, but rewarding, learning curve that gives as much back as you put into it. In 2016, I started university doing a cybersecurity-specific course, as I had known it was what I wanted to do since I was about 15 years old. I graduated in 2019 with a 2:1 in BSc (Hons) Computer and Information Security. Within three weeks of finishing my course I was offered a job in July and started in August. It could not have been better.

It was not until the end of my course that I began to learn about threat intelligence and emerging threats, in an interesting module that educated us about 0day vulnerabilities and the darknet. Initially, I wanted to be a penetration tester (like most students on my course), but I was only just about able to make it through the labs on Kali and Metasploit through hard work and frustration. This put me off and made me look elsewhere into other areas of security