UPDATED 22:04 EST / JANUARY 08 2020


New year, same hacking: Blue Bear Software and Focus Camera the latest Magecart victims

New year, same hacking, and this time Blue Bear Software and Focus Camera Inc. are the latest victims of Magecart attacks.

Magecart is a form of attack that hijacks customer information at the point of sale on websites, stealing all the details a customer inputs into a site to purchase a given product or service. It emerged in 2018 with an attack on British Airways Plc., spreading to Newegg Inc., the Infowars StoreCathay Pacific Airways Ltd.Ticketmaster Entertainment Inc., Macy’s Inc., Sweaty Betty and Oxo International Ltd.

The story with both Blue Bear Software and Focus Camera could have been mostly cut-and-pasted from the previous Magecarts, but there is one slight variation that was interesting.

Bleeping Computer reported Tuesday that with the Focus Camera Magecart attack, those behind the hack pretended to be ZenDesk in an attempt to hide malicious traffic. Specifically, the attacker’s registered zdsassets.com, a domain that resembles ZenDesk’s legitimate “zdassets.com.”

Blue Bear Software, an administration and e-commerce platform for schools and other educational institutions, had data stolen in a Magecart attack between Oct. 1 and Nov. 13 last year. The data stolen included names, credit and debit card numbers, expiration dates, security codes and Blue Bear account usernames and passwords.

“This latest cyberattack on Blue Bear web stores attests once again to the fact that Magecart is here to stay,” Elad Shapira, head of research at security auditing firm Panorays Inc., told SiliconANGLE. “This time, the attack targeted an educational accounting software platform that parents use to pay for student fees, books and school supplies. Online retailers like Blue Bear are prime targets for Magecart, because data is easily stolen during checkout, often through third parties, as customers enter their credit cards.”

To prevent these attacks, he said, companies must put processes in place to manage and review their susceptibility to the Magecart threat in their cyber supply chain. “Doing so is important throughout the whole third-party business relationship, and should include continuous monitoring of third parties’ cyber posture,” he said.

PerimeterX Inc. senior security researcher Gadi Naveh noted that since most conventional businesses are moving to conduct their payments online, the attack landscape is shifting to compromise those payments.

“Stores using physical payment methods have learned their lesson and invested in preventive methods to block point-of-sale credit card theft,” Naveh explained. “Online stores should also add preventive measures to protect their users from data breaches resulting from online skimmers and Magecart attacks. As the case of Blue Bear shows, even a third-party payment vendor intended to improve security can be compromised.”

Photo: Pxhere

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.