The name Magecart has become ubiquitous as recent high-profile compromises have brought the threat of online card skimming to the forefront of security conversations and news publications.
Magecart, an umbrella term given to at least seven cybercrime groups, are placing digital credit card skimmers on compromised e-commerce sites at an unprecedented rate and with frightening success. Responsible for victimizing scores of e-commerce sites including global brands Ticketmaster, British Airways, and Newegg, Magecart and its operatives intercepted thousands of consumer credit card records and are claiming more victims every day.
However, although Magecart is only now becoming a household name, its activity isn't new and points to a complex and thriving criminal underworld that has operated in the shadows for years.
In a brand new RiskIQ and Flashpoint joint report, 'Inside Magecart,' we build a timeline of the Magecart phenomenon from the inception of digital credit-card skimming—its evolution from a Cart32 shopping cart software backdoor to Magecart's current all-out assault on e-commerce that compromises thousands of sites directly and via breaches of third-party suppliers.
We'll also profile the six leading Magecart groups along with notable related unclassified threat groups, highlighting their skimmers, tactics, targets, and what makes them unique:
Group 1 & 2 - Casts a wide net for targeting, likely using automated tools to breach and skim sites. It monetizes with a sophisticated reshipping scheme.
Group 3 - Goes for a high volume of targets to go for as many victims as possible, but is unique in the way its skimmer works.
Group 4 - Extremely advanced, this group blends in with its victims' sites to hide in plain sight and employs methods to avoid detection.
Group 5 - Implicated in the breach of Ticketmaster, this group hacks third-party suppliers to breach as many targets as it can.
Group 6 - Extremely selective and only going for top-tier targets, such as British Airways and Newegg, to secure a high volume of traffic and transactions.
From there, Flashpoint delves into the commercial side of Magecart operations—the sale and distribution of stolen cards on underground shops, the monetization of Magecart operations through mule-handling and shipping goods, and the dynamics of an underground supply chain offering operatives skimmer kits and compromised e-commerce sites as a service.
RiskIQ, which detects internet-scale threats, is alerted to new Magecart breaches hourly, a clear indication that the group is extremely active and will continue to be a critical threat to all organizations offering online payment facilities, especially over the upcoming Black Friday weekend.
Download the report here for the intel you need to protect yourself from this growing threat.