Magecart

now browsing by tag

 
 

Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks

Source: National Cyber Security – Produced By Gregory Evans

Indonesian magecart hacker arrested

The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers.

Dubbed ‘Operation Night Fury,’ the investigation was led by Interpol’s ASEAN Cyber Capability Desk, a joint initiative by law enforcement agencies of Southeast Asian countries to combat cybercrime.

According to the press conference, all three accused (23, 26, and 35 years old) were arrested last year in December from Jakarta and Yogyakarta and charged with criminal laws related to the data theft, fraud, and unauthorized access.

Just like most of the other widespread Magecart attacks, the modus operandi behind this series of attacks also involved exploiting unpatched vulnerabilities in e-commerce websites powered by Magento and WordPress content management platforms.

Hackers then secretly implanted digital credit card skimming code—also known as web skimming or JS sniffers—on those compromised websites to intercept users’ inputs in real-time and steal their payment card numbers, names, addresses and login details as well.

Though Indonesian police claim these hackers had compromised 12 e-commerce websites, experts at cybersecurity firm Sanguine Security believe the same group is behind the credit card theft at more than 571 online stores.

“These hacks could be attributed because of an odd message that was left in all of the skimming code,” Sanguine Security said.

“http://feedproxy.google.com/”Success gan’ translates to ‘Success bro’ in Indonesian and has been present for years on all of their skimming infrastructures.’

The police revealed that the suspects used stolen credit cards to buy electronic goods and other luxury items, and then also attempted to resell some of them at a relatively low price through local e-commerce websites in Indonesia.

js credit card skimmer

On an Indonesian news channel, one of the accused even admitted to hacking e-commerce websites and injecting web skimmers since 2017.

Moreover, experts also observed similar cyberattacks linked to the same online infrastructure even after the arrest of three people, and thus believes that there are more members of this hacking group who are still at large.

The Original Source Of This Story: Source link

The post Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Protecting Websites from Magecart and Other In-Browser Threats

Source: National Cyber Security – Produced By Gregory Evans

The Rise of Third-Party Scripts

Modern web applications have become increasingly reliant on external code, services and vendors that execute JavaScript code in the browser… often referred to as third-party scripts. As a close-to-home example shown below, Akamai executes dozens of scripts to populate our home page.  Nearly 70% of these scripts come from outside sources.

Partial Request Map View of www.Akamai.com 

Source: https://requestmap.herokuapp.com/render/200107_S4_75af286693538a095b33ac5e4740b0b8/

We, like almost all other internet-based businesses, use third-party scripts because they enhance the web experience, are easy to add and modify, promote a consistent web experience and are pre-integrated and maintained by the third parties.  In fact, web sites today average 56% third-party scripts (Akamai has 68% third-party).

Source: Security and Frontend Performance, Challenge of Today: Rise of Third Parties, Akamai Technologies and O’Reilly Media, 2017

 

The Security Challenge

Magecart – a class of credit card hacker groups using new & more sophisticated attack methods has become the “poster child” of third-party scripts attacks.

protectingwebthree.PNG

Because third-party scripts come from a myriad of trusted and untrusted sources in a business’s supply chain, the attack surface for web-facing applications has become significantly larger and harder to protect.  Sites that use credit card processing are at constant risk – in fact out of the tens of thousands of sites hit with Magecart in the last few years, 1 in 5 victims are re-infected, often within months of the last attack.

Source: Sangine Security, 2018. https://sansec.io/labs/2018/11/12/merchants-struggle-with-magecart-reinfections/

Unfortunately, most application protection solutions today have tried to retrofit existing techniques to prevent third-party script threats using firewall and policy controls. When rigorously applied, this approach can restrict open business practices and the advantage of third-party scripts. And, when applied to loosely, can miss a lot of attacks.

The primary way, security teams keep their scripts clean, is via constant script review and testing… which is really hard.

Because of this constant, time consuming, invisible challenge for security teams to be able to detect and mitigate third-party script attacks, it often isn’t done making injecting malicious code into web pages via third-party Javascripts one of the most popular attack methods for credit card and credential skimming today. In 2019, an average of 4800 websites were compromised from third-party injected code every month, a 78% increase over 2018.

Source: Symantec 2019 Internet Security Threat Report

Akamai Page Integrity Manager

Page Integrity Manager is designed to discover and assess the risk of new or modified JavaScript, control third-party access to sensitive forms, and enable automated mitigation. The solution fully monitoring the behavior of each JavaScript workload in the session, through a series of detection layer, using machine learning model, heuristics, signatures and risk score model. This advanced approach identifies suspicious and malicious behavior, enable automated mitigation using policy-based controls, and block bad actors using Akamai threat intelligence to improve accuracy.

Prevented Threats

protectingwebfour.PNG

Capabilities

  • Behavioral detection technology constantly analyses the behavior of script execution, in real-user sessions, to identify suspicious, or outright malicious behavior and notify security teams with timely and actionable insights.
  • Outgoing network monitoring and script Intelligence: monitor network requests and know what real users are downloading and executing when they interact with your brand to detect potential malicious threats.
  • CVEs detection: continuously check all web resources, seen on the web application against open Common Vulnerabilities and Exposures database, to identify existing known vulnerabilities in runtime JavaScript code.
  • Edge Injection for rapid enablement: Page Integrity Manager is injected at the CDN level, easy to deploy, no code needed. 
  • Policy management: control your runtime JavaScript execution by optionally craft policies that monitor and/or restrict access to cookies, network destinations, local storage, sensitive data inputs, or DOM events per originating domains

Akamai will be launching Page Integrity Manager in 2020.

We are inviting customers to participate in a valuable beta project with a working product to help you be protected from malicious scripts.

To learn more, download our Beta Product Brief.

Join our beta program today by contacting your Akamai sales team.

https://securityboulevard.com/

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Mike Kane. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/-QH1Nxqx7Mc/protecting-websites-from-magecart-and-other-in-browser-threats.html

Source link

The post #cybersecurity | #hackerspace |<p> Protecting Websites from Magecart and Other In-Browser Threats <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#hacking | Online tools help consumers protect against Magecart

Source: National Cyber Security – Produced By Gregory Evans Trustwave researchers outline free card skimmer detection techniques Online shoppers and merchants can detect whether websites are infected by Magecart with easy to use techniques provided from researchers at Trustwave. In a blog post published yesterday (December 19), security researcher Michael Yuen outlined how to determine […] View full post on AmIHackerProof.com

#cybersecurity | #hackerspace | Protection against Magecart with new Instart Web Skimming Protection for Salesforce Commerce Cloud

Source: National Cyber Security – Produced By Gregory Evans Salesforce Commerce Cloud, also known as Demandware, is used by some of the worlds largest brands for marketing, customer interaction, and to process online shopping transactions. Given the importance of the platform, and the sensitivity of the data it handles, it is a popular target for […] View full post on AmIHackerProof.com