Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
November 13, 2018
Leading Cyber Risk and Intelligence Teams Profile the Criminal Underworld Behind Large-Scale Credit Card Breaches
SAN FRANCISCO and NEW YORK CITY – November 13, 2018 – RiskIQ, the global leader in digital risk management, today released a joint report with Flashpoint, the global leader in Business Risk Intelligence (BRI), analyzing Magecart, an umbrella term given to at least seven prolific cybercriminal groups placing digital credit card skimmers on thousands of compromised e-commerce sites.
The first-of-its-kind, in-depth report details seven individual Magecart groups with an analysis of their unique skimmer, tactics, and targets. The paper also analyzes the connection between this web-based activity and a thriving criminal underworld that enables these groups to operate. Readers will learn how Magecart groups monetize their campaigns via the sale and distribution of stolen cards on underground shops and a shadowy supply chain offering skimmer kits and compromised e-commerce sites-as-a-service.
The report also builds a timeline of the Magecart phenomenon from the inception of digital credit card skimming to Magecart’s current all-out assault on e-commerce that claimed thousands of small and mid-sized online shops—and several giants—as victims.
“The Modus Operandi of the web-skimming Magecart groups has evolved significantly and has been ramping up over the past two years,” said Yonathan Klijsnma, Head Researcher at RiskIQ. “With the number of criminal groups operating these skimming campaigns, it’s likely one of the biggest threats facing e-commerce right now.”
“The cybercriminal underground continues to provide a vibrant platform for buying and selling various credit card sniffer toolkits, as well as other critical criminal services meant to cash out the stolen cards,” said Vitali Kremez, Director of Research at Flashpoint. “As we explore these groups, it is important to keep in mind that the most profitable ventures—those that inflict the greatest damage on the e-commerce and financial industry—are run by experienced career criminals who have, over the years, developed extended networks of trusted criminal suppliers.”
The comprehensive report combines RiskIQ’s global surface web visibility, which first exposed Magecart threat activity in 2016 and continues to track it, and Flashpoint’s expertise in monitoring illicit communities, which ultimately reveals the commercial side of Magecart operations. This report provides powerful new intelligence that can help private and public sector organizations, including law enforcement, develop a more effective strategy to counter Magecart’s growing threat.
RiskIQ, which detects internet-scale threats, is alerted to new Magecart breaches hourly, a clear indication that the group is extremely active and continues to be a critical threat to all organizations offering online payment facilities. With online sales predicted to rise 17-22 percent over the upcoming holiday season, Magecart’s criminal activities may intensify.
Download the full report here.
RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, security teams and CISO’s, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect the business, brand and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures.
Visit https://www.riskiq.com or follow us on Twitter. Try RiskIQ Community Edition for free by visiting https://www.riskiq.com/community/.
Flashpoint delivers Business Risk Intelligence (BRI) to empower organizations worldwide with meaningful intelligence and information that combats threats and adversaries. The company’s sophisticated technology, advanced data collections, and human-powered analysis uniquely enables large enterprises and the public sector to bolster cybersecurity, confront fraud, detect insider threats and build insider threat programs, enhance physical security, improve executive protection, and address vendor risk and supply chain integrity. For more information, visit https://www.flashpoint-intel.com/ or follow us on Twitter at @FlashpointIntel.
© 2018 RiskIQ, Inc. All rights reserved. RiskIQ is a registered trademark of RiskIQ, Inc. in the United States and other countries. All other trademarks contained herein are the property of their respective owners.
Front Lines Media for RiskIQ
CHEN PR for Flashpoint
+1 617 645 5931