Signs that your website may have been compromised by Magecart include unusual website behavior such as slow loading times or broken links, and customer complaints of fraudulent charges on their credit cards.
Protecting your business from online credit card skimming
In the digital age, online shopping has become a way of life for many people. With the convenience of online shopping, however, comes the risk of cybercrime. One such threat is Magecart, a type of attack that targets online businesses and steals sensitive credit card information from their customers. In this article, we will explore what Magecart is, how it works, and most importantly, how you can protect your business from this dangerous threat.
What is Magecart?
Magecart, inspired by ecommerce platform Magento, is a type of cyberattack that targets online businesses with the goal of stealing sensitive information, including payment card data. These attacks are a form of web skimming and derive from the Magecart hacker group that began in 2015 targeting several well-known global brands. Leveraging third-party vulnerabilities in ecommerce and other e-service platforms, an attacker is able to inject malicious code into an online retailer’s payment pages within the browser to skim for information. This code then captures payment card details entered by a site visitor during the checkout process and sends it to an attacker-controlled domain to harvest.
Magecart attacks are difficult to detect because they occur within the browser, and the malicious code is often hidden within legitimate code on the retailer’s website. These attacks are executed on the client side and cannot be detected by common web security methodologies such as web application firewalls (WAFs). As a result, Magecart attacks can remain unseen for long periods, and customers may unknowingly enter their credit card information into a compromised website, putting their sensitive information at risk.
How does Magecart work?
Mass and targeted Magecart attacks are carried out in several ways, but typically involve three main stages:
Infiltration — The attacker gains access to the retailer’s website through various means, such as exploiting script vulnerabilities in the website to inject malicious code or targeting third-party vendors via supply chain attacks.
Implantation — Attackers continue to evolve methods of implantation to steal sensitive information and avoid detection. Example techniques include:
- Directly injecting malicious code into the sensitive payment pages of a brand’s site to digitally skim for information
- Creating fake payment forms directly on a brand’s real site through code injection or modification
- Redirecting users to complete transactions on fraudulent sites with similar URLs
- Disguising known third-party vendor code, such as Google Tag Manager
Data exfiltration — The attacker captures and sends the credit card information entered by customers to their own server, where it can be used to conduct fraudulent purchases or sold on the dark web.
How to protect your business from magecart
Protecting your business from Magecart attacks requires a multilayered approach. Here are some steps you can take to safeguard your website and secure customer trust:
Understand your third-party risk: Maintain an inventory of all third-party resources that exist across your website with documented risk factors. Validate that each code is regularly audited by vendors for vulnerabilities.
Keep software up to date: Ensure that all software used on your website, including content management systems and payment processing software, is up to date with the latest security patches.
Client-side visibility: Many organizations build a list of trusted domains to execute on their website through a Content Security Policy (CSP). While CSPs are effective at blocking unauthorized scripts, they require constant maintenance and do not defend against attacks that occur from trusted sources themselves. Implementing a solution that monitors and provides visibility into the script behavior of any source executed within the browser is critical to identifying and protecting against an attack.
Conclusion
Magecart attacks pose a serious threat to online businesses and their customers. Fortunately, Akamai Client-side Protection & Compliance is purpose-built to protect against web skimming, form jacking, and Magecart attacks. It provides visibility into the script execution behavior of a web page and collects information about the different scripts running on the page, including their actions and their relationships with other scripts.
Frequently Asked Questions (FAQ)
A Magecart attack refers to a type of cyberattack that targets ecommerce sites by injecting malicious code into checkout pages, allowing threat actors to “skim” user credit card details put into the HTML form. The credit card information then goes directly to a server, where it’s either used by the attacker or sold on the dark web. Magecart attacks pose a substantial risk to ecommerce sites, and any other site that collects user information, as highly sophisticated attackers use obfuscation methods to disguise malicious code and use geofencing to obscure their own whereabouts.
While it is difficult to completely prevent Magecart attacks from occurring, implementing strong website security measures and regularly monitoring script behavior for malicious activity can reduce the risk of an attack.
If you suspect that your website has been compromised by Magecart, take immediate action to remove the malicious code and notify your customers of the breach. Contact a cybersecurity professional for assistance in securing your website and preventing future attacks.
Why customers choose Akamai
Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away.