Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Vendor Blocks 65,000 Magecart Data Theft Attempts in July

Magecart groups appear to be having a busy summer so far, with one security vendor blocking 65,000 attempts to steal card details from online stores in July alone.

Malwarebytes revealed the findings in a new blog post: it shows that US shoppers account for the vast majority of those targeted, nearly 54% in total. Canadians came in second with nearly 16% and then there’s a long tail of countries including Germany (7%), the Netherlands (6%), France and the UK (5%) and Australia (3%).

The firm claimed it is becoming increasingly difficult to differentiate digital skimming groups by code types alone, as copycats reuse existing tools.

There’s also a growing trend among these hackers to use some kind of obfuscation to stay hidden.

“This is an effort to thwart detection attempts and also serves to hide certain pieces of information, such as the gates (criminal controlled server) that are used to collect the stolen data,” said Jérôme Segura, director of threat intelligence at Malwarebytes.

Visiting only larger online sites is no guarantee that consumers will be safe from digital skimmers, especially given the attacks on big-name brands like BA, Newegg and others. BA was famously issued a record £183m proposed fine last month by the ICO for breaking the GDPR.

“Combating skimmers ought to start server-side with administrators remediating the threat and implementing a proper patching, hardening and mitigation regimen. However, based on our experience, a great majority of site owners are either oblivious or fail to prevent reinfections,” argued Segura.

“A more effective approach consists of filing abuse reports with CERTs and working with partners to take a more global approach by tackling the criminal infrastructure. However, even that is no guarantee, especially when threat actors rely on bulletproof services.”

One noteworthy bulletproof hosting service was revealed last month to be operating out of a war zone in eastern Ukraine.

What’s Hot on Infosecurity Magazine?