October 9, 2018
The Magecart Seal of Approval: Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved
Over the past several months, we’ve published four reports on the digital credit card-skimming activities of Magecart—mainly regarding significant breaches like Ticketmaster, British Airways, and Newegg. In every publication, we noted that the six groups under Magecart have ramped up their operations, becoming more clever, and in many cases, sophisticated, with each attack. However, a […]

September 19, 2018
Another Victim of the Magecart Assault Emerges: Newegg
RiskIQ conducted the research for this report in collaboration with Volexity, which will release a separate report of its own. From different perspectives, we will discuss the same incident, showing how we found and analyzed the latest instance of Magecart using our unique capabilities and datasets. While the dust is settling on the British Airways […]

September 13, 2018
Bacloud: Russia’s New Misinformation Safe Haven
It was revealed last week that Microsoft took action to stop a phishing operation by Fancy Bear (aka APT28), a cyberespionage group associated with Russian intelligence. The company’s Digital Crimes Unit executed a court order to take control of and sinkhole six domains created by the hacking group ostensibly in preparation for launching phishing attacks […]

September 11, 2018
Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims
On September 6th, British Airways announced it had suffered a breach resulting in the theft of customer data. In interviews with the BBC, the company noted that around 380,000 customers could have been affected and that the stolen information included personal and payment information but not passport information. On its website, British Airways placed an […]

August 23, 2018
MarkOfTheWeb: How a Forgetful Russian Agent Left a Trail of Breadcrumbs
MarkOfTheWeb: A Calling Card for Careless Russian Agents
Digital interference from the Russian Federation is nothing new. Their virtual trespassing efforts have been outed and heavily discussed in the news—even more so in recent months (as you’ve probably noticed). Russian digital incursion into the United States political climate allows them to adjust the direction of […]

July 9, 2018
Inside and Beyond Ticketmaster: The Many Breaches of Magecart
On June 27th, Ticketmaster, a ticket sales and distribution company, made public they had been compromised and that hackers stole customer information. However, we discovered that this was not a one-off event as initially reported, but part of a massive digital credit card-skimming campaign by the threat group Magecart affecting over 800 e-commerce sites around […]

May 24, 2018
New Attacks on Mew: Phishing MyEtherWallet Via Native Web Views on Android
Last week, we published an extensive report on MEWKit, a phishing ATS targeting visitors of MyEtherWallet (MEW) in elaborate ways—including resorting to a BGP hijack. But threats to users of MyEtherWallet aren’t a new thing by any means—phishing pages targeting the cryptocurrency platform, while not as sophisticated as MEWKit, have been going around for a […]

May 10, 2018
This is How Threat Actors Overwhelm the Defenses of Ad Networks
Also by Ian Cowger
Traffic is a vital commodity in the cybercrime ecosystem that enables criminals to monetize their campaigns in various ways, whether by hijacking traffic from ad networks, carrying out phishing attacks, distributing malware to vulnerable computers, or sending victims to far-reaching networks of scam sites. Many attackers protect this source of […]

May 2, 2018
SpeedFlash and ScrnSize: Fake Flash Updates with a Side of Domain Shadowing
Fake Flash download pages have come to be a marker for all manners of malicious activity. We’ve seen it in conjunction with exploit kits, banking Trojans, watering hole attacks, malvertising, adware, phishing, digital currency miners, and multitudes of other digital threats. Often, there are traffic distribution systems or other means of traffic filtering upstream of […]