‘Magecart’ Exploits Pose Significant Threat to Website Shopping Carts

Many organizations have some sort of “shopping cart” feature on their websites that allows them to collect online payments from customers. In most cases, the shopping cart functionality is purchased from a third party, and simply plugged into the website. Why reinvent the wheel if the software is readily available?

Magecart Hacking

Trouble is, shopping cart apps can become compromised, resulting in a data breach for an unsuspecting organization.

The American Society for Clinical Pathology (ASCP) found that out the hard way. The Chicago-based association recently disclosed a cybersecurity incident affecting customers who entered payment card information on the ASCP website. Although the ASCP said it found no evidence that payment data was misused, hackers did have access to credit and debit card numbers, expiration dates, names, and CVV codes between March and November 2020.

Security experts believe the ASCP fell victim to a Magecart attack. Also known as e-skimming, web skimming or digital skimming, Magecart attacks inject JavaScript into shopping cart apps to steal information entered by customers.

Magecart is a rapidly growing consortium of cybercriminals who specialize in e-skimming attacks. It has been active since 2016 and is responsible for thousands of data breaches. One of the largest Magecart attacks involved a zero-day exploit that affected nearly 2,000 ecommerce sites in September 2020. The sites used the Magento 1 platform, which is no longer supported.


Anatomy of a Magecart Attack

In a typical attack, a Magecart hacker alters the shopping card application by inserting JavaScript code that redirects the payment app to a malicious website. Magecart attacks are often uploaded to GitHub, a hosting platform where software developers share and collaborate on applications and manage source code.

GitHub also provides distributed version control, which means that code changes are mirrored across other developers. This is a handy way to ensure that all developers are on the same version, but it poses significant risks — even if developers follow best practices and scan the code with security tools. There are dozens of Magecart code-injection exploits, so the only sure way to detect them is to compare versions of the app line by line.

Magecart is a rapidly growing consortium of cybercriminals who specialize in e-skimming attacks.

VISA has warned that cybercriminals are also using web shells on compromised servers in e-skimming attacks. Hackers who gain access to a server often install web shells to maintain a backdoor into the system, execute commands and code, install malware, and move laterally through the victim’s network. Web shells enable hackers to connect to a command-and-control server and exfiltrate data from a compromised ecommerce site.


How GDS Can Help

Magecart is a supply chain attack, meaning that it targets third-party suppliers in an effort to infiltrate as many systems as possible. Organizations generally lack visibility into third-party web-based platforms and have no idea that malicious code has been injected into their site. Often, web platforms pull code from cloud resources that, if compromised, could affect thousands of sites.

In 2019, the FBI issued a warning to small to midsize businesses (SMBs) about e-skimming threats. To protect themselves, organizations should:

  • Keep all systems and applications up-to-date and patched.
  • Implement strong firewalls and antimalware solutions.
  • Change default login credentials and implement multifactor authentication.
  • Warn users about clicking on suspicious links and email attachments.
  • Segment networks to prevent attackers from easily moving from system to system.

GDS helps organizations implement this kind of layered security approach, and provides comprehensive maintenance, management and support. We also go beyond traditional perimeter security with tools that continuously monitor your network to detect zero-day exploits and ongoing attacks.

Magecart targets more than just ecommerce — any website that collects sensitive information could be attacked. Let GDS help protect your web-based assets and reduce the risk of a costly data breach.



Benefits of Managed IT Services from Global Data Systems

  • Strategic Managed IT: We help you solve your technology related business problems.
  • Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
  • Support: When you need help simply call our 24x7x365 support number.
  • Billing: Instead of managing hundreds of vendors - get one, easy to read bill from GDS.

Contact Managed Services Provider, Global Data Systems >