A name given to a loose collective of attackers, Magecart have focused on targeting organisations to steal significant quantities of Payment Card Data from 2014 onwards.
Magecart have always focused on stealing Payment Card Data (credit and debit card details) from checkout pages on websites. They gather the data over a period of time and then 'cash out' by loading those cards with fraudulent transactions or selling them on to other criminal gangs.
These attacks have been so devastating in the past because detecting them is hard and the attackers lurk on your website, often for months at a time, siphoning off customer data.
Magecart continue to do damage on an ongoing basis, with new attacks detected almost weekly. Over the years they have targeted larger and larger organisations, impacting more users and costing companies tens of millions of dollars. In some recent attacks we have also witnessed Magecart stealing not only Payment Card Data, but other sensitive data like usernames and passwords too.
Here are some examples of the costs faced by an organisation recently hit by a Magecart attack:
As Magecart have developed into an increasingly larger threat over the years, our service has evolved to provide features specifically aimed at reliably detecting, and even mitigating, a Magecart attack.
Content Security Policy is a powerful security mechanism built into all modern web browsers and using Report URI, you can leverage it to great effect, quickly and easily. Here are some of our products you might be interested in, or reach out to email@example.com if you need more information.
Because Script Watch leverages the browser native Content Security Policy, there is no code or agent to deploy and running in the browser means we analyse your site in real-time as your users are browsing. We don't have the same limitations as external scanning services such as authentication or pay walls, geo-sensitive content or an attacker potentially serving safe content to the crawler.
Data Watch will monitor all of the locations that your webpages are sending data to. If your website starts sending data to a new location, it could be the start of a Magecart attack.
Script Watch and Data Watch will allow you to rapidly detect and respond to a Magecart attack and combined, that capability puts you ahead of the field. If you want to take it a step further, Content Security Policy can mitigate a Magecart attack and stop it from even happening.
We subscribe to various feeds of Threat Intelligence data, along with managing our own internally generated feeds, to keep apprised of the latest threats that exist online.