UPDATED 22:13 EST / SEPTEMBER 11 2018

INFRA

British Airways hack linked to the same group that hit Ticketmaster

The hack of U.K. carrier British Airways last week that affected 380,000 customers has been linked to a notorious hacking gang that was also behind the hack of Ticketmaster Entertainment Inc., according to a new report.

The claim Tuesday came from security firm RiskIQ Inc. which link the hacks to a gang it dubs “Magecart” that uses “web-based card skimmers.” That attack method is aimed at skimming e-commerce transactions with the intent of capturing payment card details.

In the case of Magecart, the group “injects scripts designed to steal sensitive data that consumers enter into online payment forms on e-commerce websites directly or through compromised third-party suppliers used by these sites.”

British Airways itself has yet to disclose how the hack occurred, but Ticketmaster did, saying at the time that their hack was the result of “malicious software on a customer support product hosted by an external supplier.”

The report went on to note that Magecart set up custom, targeted infrastructure to blend in with the British Airways website specifically to avoid detection for as long as possible, indicating that the group is evolving and has the capability to do so again.

Mike Bittner, digital security and operations manager at The Media Trust, told SiliconANGLE that the hacks of both British Airways and Ticketmaster reveals a failure of some developers and software engineers to integrate security measures in designing web apps, as well as organized cybercriminals continuing to exploit vulnerabilities.

“The tools and techniques to prevent cross-site scripting and SQL injections have been around for a while, but they continue to be ignored,” Bittner said. “Developers should determine what is safe user input and reject all others, be they text, JavaScript or any unauthorized code. Website operators should carefully vet third-party web app providers to ensure their products have the right security measures in place.”

Also, he said, websites should test their web apps to make sure they aren’t vulnerable to attacks involving cross-site scripting or SQL injections. Not least, he added, they should continuously scan their sites to detect unauthorized code.

“Anything less than a proactive, comprehensive approach to securing their sites could amount to infringement of a growing number of consumer data privacy regulations like GDPR,” he said.

Photo: Maxpixel

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU