"A few weeks ago, British Airways was hit by the largest ever regulatory fine of its kind, after global customers visiting its website had their card data stolen. The $228m penalty levied by the UK’s privacy watchdog reflects the seriousness of the attack and the carrier’s failure to protect its customer’s personal and financial information. However, this incident has repercussions way beyond the UK airline and its customers. It’s part of a new wave of attacks designed to implant “digital skimming” code on e-commerce sites, in order to siphon off your card details as they are entered in to pay for goods.
Although tens of thousands of websites have been caught out in this way, there are things you can do to stay safe—most notably by running Trend Micro Security. But first, here’s more on what you need to know.
The story so far
Data breaches are so often in the news headlines today, that you could be forgiven for becoming a little desensitized. From retailers like Target and Home Depot to government breaches at agencies including the Office of Personnel Management (OPM), and from financial organizations like Equifax to tech giants like Yahoo, billions of our personal records have been stolen by cyber-thieves over the past few years.
Yet in all of these cases, there has been little the customer could do about it. That’s because the hackers target the organization directly. They find ways to bypass its security controls and sneak inside the company networks to find what they’re looking for: usually databases full of customer data.
A new type of data breach
However, these new digital skimming attacks are different. In what way? They involve a hacker deploying malicious code known as Magecart to an organization’s website. This code is typically designed to stay hidden, under the radar of the company. And it has a very specific purpose: to steal customer card details as they are entered into the site during payment. In short, it’s the digital equivalent of those physical skimming devices that criminals insert into ATMs to steal card data as it’s entered: it’s highly effective and happens completely without the knowledge of the cardholder.
By using this method, the hackers get access to the full card details, which have a higher resale value on the cybercrime black market. The problem (for them) with the more traditional types of attack targeting back-end databases, is that these organizations may store card data encrypted, or else minus the crucial CVV/CV2 code. Magecart attacks get around that.
What sites are at risk?
Indeed, the Magecart attackers have proven over the past year that no website is safe from skimming attacks. Whether it’s a big-name e-commerce brand like Newegg, a national airline, a global ticketing site (Ticketmaster), or even online campus stores serving nearly 200 universities in the US and Canada–as long as they accept online payments, they’re at risk.
Magecart is so effective that multiple groups are said to be using the code, a piece of malicious JavaScript, to infect websites around the world. And they’re developing new tools and tactics all the time to improve their monetization. These include:
|
|
All this is bad news for online shoppers. So how do you know that the site you’re entering card data into is safe?
What can you do to stay safe?
Unfortunately, there’s nothing obvious that differentiates a website infected with Magecart from any other site. It will look completely normal and will allow you to pay in the usual manner. The only difference is that, in the background, a tiny piece of code will be stealing your data and transferring it to the hackers. So what can you do to protect yourself?
|
|
How Trend Micro can help
Trend Micro Security features two key mechanisms to help stop Magecart attacks:
|
|
Read our Security Intelligence Blog for more technical details on Magecart. Then go to our Security Products Overview to get Trend Micro Security. "" "