Magecart attacks have been around since 2014 and have become very frequent of late; the hacker group has been targeting even small stores. To prevent them, follow security best practices such as installing updates regularly, setting strict file permissions, using trusted plugins, and using a firewall.
Magecart attacks made headlines when the hacker group targeted the credit card information of giants like Claire’s, British Airways, Ticketmaster, Newegg, etc. However, these attacks aren’t recent by any means. Magecart attacks on Magento and other e-commerce websites can be traced back to 2014, when the group of hackers first started monetizing stolen credit card details. Since then, they have actively been skimming the web.
Experts believe that Magecart was involved in hacking the details of more than 110,000 different online shops to date. The biggest targets of Magecart attacks are e-commerce sites. Since Magento is the ruler of the e-commerce space with the largest market share, it faces a significant threat from Magecart.
Recently, our engineers have been tracking Magecart hacks once every 2-3 days in small stores too. Magecart has been targeting everyone, and so it is more important than ever to secure your website. In this article, we will talk about the Magecart attacks on Magento and other e-commerce websites and how to prevent them.
What are the Magecart Attacks on Magento About?
Magecart is the name given to a nexus of cyber criminals operating in groups, who engage in illegal web skimming activities and steal credit card info and other payment details of customers online.
As identified by RiskIQ in their detailed and meticulous report “Inside Magecart”, there are around 6 to 7 groups that comprise Magecart, which differ in their infrastructure, targets, and processes. All of these groups skim the web to fetch credit card details online, which are then sold on the black market.
What are Magecart Groups?
According to the “Inside Magecart” report, there are few consequences for these criminals behind the screen. On the contrary, these criminals make fortunes by selling this information. The prices for this information usually vary from $250 to $5,000, depending on the versatility of the skimmer.
Web skimming is only one part of the complete criminal process that goes on inside Magecart. After they skim the valuable credit card data, they go on to monetise it. Presumably, the parties who obtain this info use it to make illicit purchases and ship goods overseas.
The complete list of groups under Magecart
Magecart Groups 1 & 2
Cast a wide net for targeting, likely using automated tools to breach and skim sites.
Magecart Group 3
Targets a high volume of vulnerable websites in one go.
Magecart Group 4
Extremely advanced, this group blends in with its victims’ sites to hide in plain sight and employs methods to avoid detection.
Magecart Group 5
This group hunts for known vulnerabilities in third-party vendors and targets the vendor’s user base. This type was implicated in the breach of Ticketmaster.
Magecart Group 6
This group is highly selective in its targets. It goes only for top-tier companies, such as British Airways and Newegg, to maximise data collection from the high-volume traffic on these websites.
How do the Magecart Groups Operate?
Here’s how most Magecart attacks on Magento work:
Step 1: Gain access
There are multiple steps behind this giant web skimming process. The first is to gain access to a vulnerable store’s back-end.
Step 2: Modify the site’s source code
Step 3: Selling the records obtained
Next, they sell these records on the black market in return for a hefty amount. The sold data is used to make unauthenticated online transactions, transfer money, and buy and ship goods to foreign countries.
How to Secure Your Magento Store from Magecart Attacks
Update Plugins & Themes
Magento regularly releases security patches for webmasters to install. These patches usually fix vulnerabilities found in previous versions. As a security company, we see a lot of cases of websites being hacked due to outdated versions with known vulnerabilities. Installing these patches is the easiest and best way to prevent attacks.
Use Plugins From Trusted Sources
Magecart hackers usually look for bugs in third-party sources. First, make sure you only install plugins from trusted sources. Further, keep up with the latest versions of plugins and themes. Being prompt with the updates can eliminate the risk of being hacked.
Set Strict File Permissions
Besides the above two, always set strict file permissions for your website. You can also refer to the article on our blog about setting file permissions on Magento.
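A file-integrity baseline catches the source-code modification described in Step 2, and a permission audit checks the advice above. The Python script below is an added example, not Astra's or Magento's own code; the watched extensions, the function names and the baseline file are assumptions.

```python
import hashlib
import json
import os
import stat
import sys

WATCHED = (".php", ".phtml", ".js", ".html")  # assumption: types that can carry injected script

def snapshot(root):
    """Return {relative_path: sha256_hex} for every watched file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(WATCHED) and not os.path.islink(path):
                with open(path, "rb") as handle:
                    digests[os.path.relpath(path, root)] = hashlib.sha256(handle.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Diff two snapshots into added, modified and removed paths."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
        "removed": sorted(baseline.keys() - current.keys()),
    }

def world_writable(root):
    """List entries under root that any local account can write to."""
    loose = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if mode & stat.S_IWOTH and not stat.S_ISLNK(mode):
                loose.append(os.path.relpath(path, root))
    return sorted(loose)

if __name__ == "__main__":
    root, baseline_file = sys.argv[1], sys.argv[2]  # web root, baseline JSON path
    current = snapshot(root)
    if os.path.exists(baseline_file):  # later runs: report drift from the trusted state
        with open(baseline_file) as handle:
            print(json.dumps(compare(json.load(handle), current), indent=2))
    else:  # first run on a known-clean install: record the trusted state
        with open(baseline_file, "w") as handle:
            json.dump(current, handle)
    print("world-writable:", world_writable(root))
```

Keep the baseline file outside the web root, where the web server account cannot write to it, and regenerate it only after a deliberate update.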
Use Two-Factor Authentication
Always use two-factor authentication for checkouts on your website. Two-factor authentication requires an additional verification step to confirm the authenticity of the credit card owner. This discourages any payment request made from your card even if it’s stolen.
Use a Firewall
In addition to the above, use a firewall to secure your website. Investing in a firewall such as Astra’s will not only protect your website but also keep on optimizing its security by learning from each stopped attack. Astra’s Security Suite lets you focus on your business while it takes care of your website security fully and thoroughly. This way, you never need to worry about getting hacked!
Magecart Attacks on Magento: Conclusion
As a customer, being super vigilant while making any transaction online is a must to maintain your privacy. Further, as an e-commerce website on Magento, you should follow the best security practices. Stronger permission settings, two-factor authentication, and keeping every part of your website up to date all go a long way in making your website secure, trusted, and reputable.