UPDATED 22:13 EST / JANUARY 16 2019

SECURITY

New Magecart credit card skimming group is targeting ad-related websites

A newly detected subgroup of the Magecart digital credit card skimming gang is targeting advertising-related websites with a new strain of malware, security researchers from RiskIQ Inc. revealed today.

Dubbed Magecart Group 12, the subgroup is said to have been founded in September. It’s specifically gaining access to targets via third-party suppliers of code meant to improve websites, such as content delivery networks.

In one case that targeted French ad agency Adverline, the Magecart group inserted code via the company’s CDN provider to steal credit card data. “In this case, the group compromised a content delivery network for advertisements to include a stager containing the skimmer code so that any website loading script from the ad agency’s ad tag would inadvertently load the Magecart skimmer for visitors,” the researchers explained.

Related Magecart attacks have resulted in the theft of data from Newegg Inc., the Infowars Store, Cathay Pacific Airways Ltd., British Airways, Ticketmaster Entertainment Inc. and, earlier this month, Oxo International Ltd.

Mike Bittner, digital security and operations manager for The Media Trust, told SiliconANGLE that the new malware strain is yet another sign of how sophisticated and organized bad actors have become.

“It has not only affected the French ad agency, but at least two large digital ad technology vendors, who saw a malicious domain pop up in their payment pages, but were able to thwart the infection by continuously monitoring their digital ecosystem for unauthorized code and terminating the malware at its source,” Bittner explained. “Other players along the supply chain should be just as vigilant, especially retail sites at the receiving end of infected ads and whose users will inevitably be affected. If EU consumer information is stolen, affected companies could face General Data Protection Regulation fines.”

Matan Or-El, co-founder and chief executive officer of Panorays Inc., noted that the new attack underscores the need for enterprises to assess and manage the risk from third parties and the supply chain constantly.

“A crucial tool for enterprises would be a system that automates this process and shines the light on those vendors and partners who pose the biggest threat to an enterprise’s data,” Or-El said.

Image: Maxpixel
