Magecart Strikes Again
Ticketmaster, British Airways, and Newegg have all been compromised. Who’s next? Read our research to see how we discovered the breaches.
IDG Connect: 2017 State of Enterprise Digital Defense Report
Findings quantify the security management gap and business impact of external web, social, and mobile threats.
Get the Research Report
RiskIQ Digital Threat Management Platform Datasheet
Learn about our platform and products.
Read the Datasheet
Frost & Sullivan: The Digital Threat Management Platform Advantage
The material benefits of a platform-based approach to security outside the firewall.
Read the Report
Rackspace Accelerates External Digital Threat Investigation with RiskIQ PassiveTotal
Download Case Study
EMA Radar™ Q4 2017 Report
RiskIQ ranked a technology and value leader in digital threat intelligence management.
Get the Analyst Report
November 13, 2018, Team RiskIQ
The name Magecart has become ubiquitous as recent high-profile compromises have brought the threat of online card skimming to the forefront of security conversations and news publications.
Magecart, an umbrella term given to at least seven cybercrime groups, are placing digital credit card skimmers on compromised e-commerce sites at an unprecedented rate and with frightening success. Responsible for victimizing scores of e-commerce sites including global brands Ticketmaster, British Airways, and Newegg, Magecart and its operatives intercepted thousands of consumer credit card records and are claiming more victims every day.
However, although Magecart is only now becoming a household name, its activity isn’t new and points to a complex and thriving criminal underworld that has operated in the shadows for years.
In a brand new RiskIQ and Flashpoint joint report, ‘Inside Magecart,‘ we build a timeline of the Magecart phenomenon from the inception of digital credit-card skimming—its evolution from a Cart32 shopping cart software backdoor to Magecart’s current all-out assault on e-commerce that compromises thousands of sites directly and via breaches of third-party suppliers.
We’ll also profile the six leading Magecart groups along with notable related unclassified threat groups, highlighting their skimmers, tactics, targets, and what makes them unique:
Group 1 & 2 – Casts a wide net for targeting, likely using automated tools to breach and skim sites. It monetizes with a sophisticated reshipping scheme.
Group 3 – Goes for a high volume of targets to go for as many victims as possible, but is unique in the way its skimmer works.
Group 4 – Extremely advanced, this group blends in with its victims’ sites to hide in plain sight and employs methods to avoid detection.
Group 5 – Implicated in the breach of Ticketmaster, this group hacks third-party suppliers to breach as many targets as it can.
Group 6 – Extremely selective and only going for top-tier targets, such as British Airways and Newegg, to secure a high volume of traffic and transactions.
Download the report
From there, Flashpoint delves into the commercial side of Magecart operations—the sale and distribution of stolen cards on underground shops, the monetization of Magecart operations through mule-handling and shipping goods, and the dynamics of an underground supply chain offering operatives skimmer kits and compromised e-commerce sites as a service.
RiskIQ, which detects internet-scale threats, is alerted to new Magecart breaches hourly, a clear indication that the group is extremely active and will continue to be a critical threat to all organizations offering online payment facilities, especially over the upcoming Black Friday weekend.
Download the report here for the intel you need to protect yourself from this growing threat.