January 16, 2019 New Year, Same Magecart: The Continuation of Web-based Supply Chain Attacks RiskIQ has tracked Magecart and exposed their attacks for years. Now, the term is top-of-mind in the security community and beyond, with a Google search of ‘Magecart’ returning over 170,000 results. In fact, the cybercriminal group of digital credit card-skimming gangs gained such notoriety throughout last year that WIRED named Magecart in its list of […]
December 4, 2018 In Latest Magecart Evolution, Group 11 Stole More Than Just Card Data From Vision Direct Since we began reporting on online card skimming, we have noted consistent evolutions in modus operandi of the various Magecart groups, and even the Magecart phenomenon itself. The web-skimming ecosystem has exploded, spawning multiple groups that want a piece of the action, many of which we reported on in our recent report “Inside Magecart.” […]
November 13, 2018 Inside Magecart: RiskIQ and Flashpoint Release Comprehensive Report on Cybercrime and the Assault on E-Commerce The name Magecart has become ubiquitous as recent high-profile compromises have brought the threat of online card skimming to the forefront of security conversations and news publications. Magecart, an umbrella term given to at least seven cybercrime groups, are placing digital credit card skimmers on compromised e-commerce sites at an unprecedented rate and with frightening […]
September 19, 2018 Another Victim of the Magecart Assault Emerges: Newegg RiskIQ conducted the research for this report in collaboration with Volexity, which will release a separate report of its own. From different perspectives, we will discuss the same incident, showing how we found and analyzed the latest instance of Magecart using our unique capabilities and datasets. While the dust is settling on the British Airways […]
September 11, 2018 Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims On September 6th, British Airways announced it had suffered a breach resulting in the theft of customer data. In interviews with the BBC, the company noted that around 380,000 customers could have been affected and that the stolen information included personal and payment information but not passport information. On its website, British Airways placed an […]
July 26, 2018 Uncovering Magecart With RiskIQ Data: How We Did It The Magecart project is the biggest thing I’ve worked on in my career in both the scope of the cyber threat, the effects of the breaches, and, as a result, the media attention our work garnered. It wasn’t possible without RiskIQ data. Seeing words I wrote quoted on national news is a new experience for […]
July 9, 2018 Inside and Beyond Ticketmaster: The Many Breaches of Magecart On June 27th, Ticketmaster, a ticket sales and distribution company, made public they had been compromised and that hackers stole customer information. However, we discovered that this was not a one-off event as initially reported, but part of a massive digital credit card-skimming campaign by the threat group Magecart affecting over 800 e-commerce sites around […]
July 12, 2017 Magecart Threat Actors are Reshipping Items Purchased with Stolen Cards via Mules in the U.S. Magecart is back, and the operation is more elaborate than we thought, involving physical shipping companies with mules operating in the United States. Credit card data is a hot commodity in the criminal underworld of the internet—stolen card data is readily available, and used to fund criminal enterprises of all kinds. But scammers, rippers, and […]
October 6, 2016 Compromised E-commerce Sites Lead to “Magecart” Most methods used by attackers to target consumers are commonplace, such as phishing and the use of malware to target payment cards. Others, such as POS (point of sale) malware, tend to be rarer and isolated to certain industries. However, some methods are downright obscure—Magecart, a recently observed instance of threat actors injecting a keylogger […]
