Magecart Attacks – You Are Your Best Firewall


Feb 15, 2022 | Data & Cybersecurity

What are Magecart attacks?

Magecart is a group of malicious online hackers who specialize in stealing credit card information from the shopping carts of customers. By injecting JavaScript code into an e-commerce platform, the hackers can redirect customers to a website that contains malware and steal their personal data. These types of attacks are called skimmers, or Magecart attacks.
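One merchant-side check that follows from the paragraph above: an injected skimmer has to be served from somewhere, so comparing the script sources on a checkout page against the short list of hosts you expect surfaces a foreign one. This is an added example, not code from the page or from Sansec or Magento; the allowlisted hosts and the sample checkout page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: the store's own host plus the payment provider it
# knowingly embeds. In practice this list should be tiny and reviewed.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "js.payment-provider.example"}


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every external <script> tag on a page."""

    def __init__(self):
        super().__init__()
        self.external = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)


def find_unexpected_scripts(html, page_host, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return script URLs whose host is neither the page itself nor allowlisted."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        # scheme="https" lets protocol-relative URLs (//host/x.js) resolve a host.
        host = urlparse(src, scheme="https").hostname
        if host is None:
            continue  # relative URL: served by the store itself
        if host != page_host and host not in allowed:
            findings.append(src)
    return findings


# Constructed checkout page: two expected scripts and one from an unknown CDN.
CHECKOUT_HTML = """
<html><head>
<script src="/js/mage/cookies.js"></script>
<script src="https://js.payment-provider.example/v3/checkout.js"></script>
<script src="//cdn.unknown-example.net/jquery.min.js"></script>
</head><body><form id="co-payment-form"></form></body></html>
"""

if __name__ == "__main__":
    for src in find_unexpected_scripts(CHECKOUT_HTML, "shop.example"):
        print("unexpected script source:", src)
```

This only catches skimmers loaded from a foreign host; a skimmer injected inline into the store's own files needs file-integrity monitoring or a Content Security Policy check as well.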

Recent Magecart Attack Against Magento Ecommerce

Last week Sansec, a company specializing in e-commerce malware and vulnerability detection, detected a mass breach of over 500 stores running the Magento 1 e-commerce platform. (Magento is an Adobe e-commerce platform.) All the stores were victims of a payment skimmer loaded from the naturalfreshmall.com domain.

The critical vulnerability in Magento triggered Adobe to release an emergency security update. The flaw allowed unauthenticated remote code execution (RCE), which attackers could exploit to take control of an affected system. Sansec describes this exploit as the “worst possible type and is similar in severity as the Magento Shoplift vulnerability from 2015.” Adobe issued a statement indicating that attacks against Magento users have been “very limited” but urges customers to download the update quickly.

How can I prevent becoming a victim of a Magecart attack?

The recent attack against Magento e-commerce stores, with the skimmer hosted on the NaturalFreshMall domain, should be a stark reminder to all online patrons that they have a duty to protect themselves in addition to what they expect from their online store provider.

My advice to online shoppers is this: be your own firewall. You don’t have to be a cybersecurity expert to protect yourself. There are a few basic steps everyone should take as a matter of habit to minimize the chance of becoming a victim of online piracy.

First and foremost, users need to have a defense-in-depth mentality. Cybersecurity is like an onion composed of multiple layers. It’s important to define your perimeter and implement security measures at each layer to protect yourself.

Here are a few simple things online shoppers can layer onto their own cyber onion:

    • Start with your bank or credit card issuer. Turn on all alerts you possibly can, to the point where it’s annoying and you have to go back and dial it down.
    • Use virtual card numbers if your provider supports them.
    • Avoid using a debit card at all costs.
    • Turn on multi-factor authentication everywhere possible.
    • Freeze your credit (it’s free to do).
    • Install plugins to prevent ads and popups.

Ron Bradley

Ron Bradley has been involved with Shared Assessments in some capacity for over 15 years. Notably, Bradley wrote some of the very first questions for the Standardized Information Gathering (SIG) Questionnaire. In this course of time, his hair has transitioned from an afro to his current distinguished style.

With a depth of experience building TPRM programs in financial services (Bank of America) and manufacturing (Reynolds, Trane Technologies), Ron understands how cultures and organizations drive the supply chain and third party process. As Vice President, Ron strives to use his extensive knowledge of Third Party Risk Management to help organizations build programs that realize the full potential of the Shared Assessments toolkit.

Ron’s experience in Europe, Asia and South America has allowed him to assess different vendor environments and to build Third Party Risk Management operations from the ground up across the world. Ron is an expert in risk in the manufacturing environment, Operational Technology, and Operational IoT.

Ron lives in Charlotte, North Carolina, and takes frequent trips to Scottsdale, Arizona. He loves golf, travel, and his Big Green Egg, which brings the people around Ron excessive quantities of love, joy, and happiness. Ron’s 24-year-old daughter and his famed sister Kathleen Bradley (first black game hostess!) bring him great delight.

Connect with Ron on LinkedIn or by email.