Magecart Attacks: Web Skimming Threatens E-commerce Security

ByThreat Analyst

17 July 2021

In 2019, a series of cyberattacks known as Magecart attacks targeted various e-commerce websites, compromising customer payment card information. These attacks highlighted the risk of web skimming and the need for robust security measures to protect online shoppers.

1. Attack Overview and Impact

a. Timeline: Magecart attacks occurred throughout 2019, targeting numerous e-commerce websites across different industries.

b. Attack Methodology: The Magecart attacks involved the insertion of malicious code into vulnerable third-party scripts used by targeted websites. This code captured customer payment card details during the checkout process, compromising sensitive information.

c. TTPs (MITRE ATT&CK): The specific TTPs associated with Magecart attacks may vary depending on the specific campaign and techniques employed.

2. Fallout and Response

The Magecart attacks led to significant financial losses, damaged reputations, and potential legal consequences for affected e-commerce businesses. Upon discovering the compromises, companies took steps to remove the malicious code, enhance website security, and notify affected customers.

3. Lessons Learned

The Magecart attacks highlighted the importance of robust security practices for e-commerce websites. While specific TTPs may vary, possible TTPs in Magecart attacks can include:

  • Supply chain compromise: Attackers may compromise third-party vendors or scripts used by e-commerce websites to inject malicious code.
  • Web skimming techniques: Attackers might employ various techniques to capture payment card information, such as intercepting form submissions or injecting JavaScript code.
  • Covert exfiltration: Attackers may use covert channels to exfiltrate the stolen payment card data without raising suspicion.