Ticketmaster Breach Part of Global Digital Skimming Campaign

The Ticketmaster UK ‘breach’ is far more extensive than at first thought — part of a single operation by a threat group affecting over 800 e-commerce sites around the globe, according to new intelligence.

Security firm Risk IQ said it has been tracking the Magecart group since 2015. Its latest modus operandi is to use a kind of digital card skimmer, malicious code, which is injected into code from third-party providers in a kind of supply chain attack.

That’s what happened to Ticketmaster UK, after supplier Inbenta Technologies was compromised and the malicious code was injected into legitimate script destined for the Ticketmaster site.

The revelations mean that the Ticketmaster breach is more extensive than at first thought, as suppliers other than Inbenta were also compromised in the same way. The Ticketmaster Germany, Australia and International brands were compromised via breached supplier SocialPlus between December 2017 and January 2018, Risk IQ claimed.

By targeting suppliers in this way, the group can access tens of thousands of victims in one fell swoop. The report claimed that one single campaign hit 100 “top-tier victims” which comprised the e-commerce sites of some of the biggest brands in the world.

“Even more disturbing, the Ticketmaster breach demonstrates that the Magecart actors are continuing to refine their techniques and get better at target selection,” Risk IQ continued. “Previously, they compromised individual websites and added new Javascript or links to remote Javascript files, but they seem to have gotten smarter—rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer.”

Other compromised suppliers include analytics firms PushAssist and Annex Cloud, and marketing firm Clarity Connect.

Munish Walther-Puri, chief research officer at dark web intelligence firm Terbium Labs, claimed the latest findings could point to one of the biggest breach campaigns ever conducted.

“Despite innovation in payments, e-commerce sites and merchants need to pay closer attention to the impact of payment cards,” he added. “While new and developing payment technologies are receiving a lot of attention, payment cards continue to be ubiquitous in the fraud community: immediate payoff, clear exploits, and scalable models will keep payment cards valuable for years to come.

LogRhythm EMEA MD, Ross Brewer, claimed that third-party data breaches are a growing problem for businesses.

“Hackers are persistent, clever people who have wised up to the fact that going after the big guys who have an array of sophisticated security tools in place is no easy feat. Instead, they’re redirecting their attention to smaller, third-party suppliers that can act as a gateway to more lucrative targets,” he added.

“As the saying goes, you’re only as strong as your weakest link, which means if one of your third-party partners doesn’t have the same commitment to data protection, any tools you have in place are essentially rendered useless.”

What’s Hot on Infosecurity Magazine?