Magecart Protection

What is Magecart?

A name given to a loose collective of attackers, Magecart have focused on targeting organisations to steal significant quantities of Payment Card Data from 2014 onwards.

By finding ever more evasive ways to inject their malicious JavaScript into your website, the attackers can skim customer data right out of the page as it's typed, and into their hands.

What is their goal?

Magecart have always focused on stealing Payment Card Data (credit and debit card details) from checkout pages on websites. They gather up the data over a period of time and then 'cash out' by loading those cards with fraudulent transactions.

These attacks have been so devastating in the past because detecting them is hard and the attackers lurk on your website, often for months at a time, siphoning off customer data.

Recent Developments

Magecart continue to do damage on an ongoing basis, with new attacks detected almost weekly. Over the years they have targeted larger and larger organisations, impacting more users and costing companies tens of millions of dollars. In some recent attacks we have also witnessed Magecart stealing not only Payment Card Data, but other sensitive data like usernames and passwords too.

Here are some examples of the costs faced by an organisation recently hit by a Magecart attack:

  • Remediating the intrusion that caused the attack.
  • A PFI (PCI Forensic Investigation) ordered by VISA, Mastercard and other card issuers.
  • Fines from regulators, such as the ICO (Information Commissioners Office) in the UK.
  • Significant brand and reputation damage from negative coverage in mainstream media outlets.
  • Class action lawsuits from users who had their data stolen.
  • Strategic losses caused by the diversion of resources.
  • Ongoing litigation between involved parties.

Reaching an all-time high, the cost of a data breach averaged USD 4.35 million in 2022.

- IBM

How we can help

As Magecart have developed into an increasingly larger threat over the years, our service has evolved to provide features specifically aimed at reliably detecting, and even mitigating, a Magecart attack.

Content Security Policy is a powerful security mechanism built into all modern web browsers and using Report URI, you can leverage it to great effect, quickly and easily. Here are some of our products you might be interested in.

Script Watch

Script Watch will monitor all JavaScript dependencies across your entire site and immediately notify you of any changes. A new JavaScript dependency could be the start of a Magecart attack.

Because Script Watch leverages the browser native Content Security Policy, there is no code or agent to deploy and running in the browser means we analyse your site in real-time as your users are browsing. We don't have the same limitations as external scanning services such as authentication or pay walls, geo-sensitive content or an attacker potentially serving safe content to the crawler.

Read More

Data Watch

Data Watch will monitor all of the locations that your webpages are sending data to. If your website starts sending data to a new location, it could be the start of a Magecart attack.

With Script Watch and Data Watch combined, you can monitor for clear indicators that your site has been compromised. Attackers will always want to inject their hostile JavaScript, and they'll always want to exfiltrate their stolen data.

Read More

Content Security Policy

Script Watch and Data Watch will allow you to rapidly detect and respond to a Magecart attack and combined, that capability puts you ahead of the field. If you want to take it a step further, Content Security Policy can mitigate a Magecart attack and stop it from even happening.

Deploying an effective Content Security Policy can be difficult, but our CSP Reporting allows you to gather feedback and safely test a policy before deployment. Once deployed, an effective Content Security Policy will block a Magecart attack and stop the hostile JavaScript from even running.

Read More

Threat Intelligence

We subscribe to various feeds of Threat Intelligence data, along with managing our own internally generated feeds, to keep apprised of the latest threats that exist online.

Using this Threat Intelligence Data, we can better analyse the sources of JavaScript on your website and detect malicious activity sooner.

Read More