What Are Magecart Attacks On Magento Store And How To Prevent Them
Magecart attacks came out of the dark and made headlines when they targeted the credit card info of giants like British Airways, Ticketmaster, Newegg, etc. But this does not mean Magecart attacks came into existence recently. In fact, Magecart attacks on Magento and other e-commerce websites can be traced back to 2014, when a group of hackers first started monetizing stolen credit card details. Since then, the masterminds of Magecart have been actively skimming the web.
To date, Magecart has been found to have stolen details from more than 110,000 different online shops, according to expert estimates. The websites that have borne the brunt of Magecart attacks are e-commerce sites. Magento rules the e-commerce space with the largest market share, and has consequently been a prime target for Magecart attacks.
With this article, we will try to decipher the Magecart attacks on Magento and other e-commerce websites.
What are Magecart Attacks on Magento?
Magecart is the name given to a nexus of cyber criminals operating in groups, who engage in illegal web skimming and steal credit card info and other payment details of customers online. As identified by RiskIQ in their detailed and meticulous report “Inside Magecart”, there are around 6 to 7 groups that come under the ‘Magecart’ umbrella. All of these groups skim the web in one way or another to fetch credit card info online, which they in turn sell on the black market.
Magecart sprouted from a single group back in 2015. It began by compromising vendor websites, injecting skimmers, and collecting and selling credit card details, following which many other groups and individual skimmers emerged. All these groups were skimmers but differed in their infrastructure, targets, and process. The evolution of skimmers and the multiplication of groups continue to this day.
Some of these groups target as many vendors as possible. Some carefully conceal their skimmer. Some use known vulnerabilities in websites to hit the target. Some hunt and compromise plugins to plant skimmers. Some target third parties to gain access to small, medium or big e-commerce sites. Some limit their victims to a few high-value organizations and use specially tailored skimmers, domains, and attacks against them. Whatever their process, Magecart is a growing threat.
The Complete Nexus: Magecart Attacks
According to the “Inside Magecart” report, there are little to no consequences for the criminals behind the screen. On the contrary, these criminals make fortunes by selling this info. This can be estimated from the fact that the prices for these skimmers vary from $250 to $5,000, depending on the versatility of the skimmer.
Web skimming is only one part of the complete criminal process inside Magecart. After they fish out the valuable credit card data, they go ahead and monetize it. It may sound incredible, but there is a vast black market trading and thriving on credit card info. Presumably, these parties use the info to make illicit purchases. That is not all: there is a darker side to Magecart attacks. Apart from making purchases with the stolen information, this data may also be used by criminal groups to ship goods to countries overseas.
The complete list of groups under Magecart
Magecart Group 1 & 2
Casts a wide net for targeting, likely using automated tools to breach and skim sites.
Magecart Group 3
Targets a high volume of vulnerable websites at one go.
Magecart Group 4
Extremely advanced, this group blends in with its victims’ sites to hide in plain sight and employs methods to avoid detection.
Magecart Group 5
This group hunts for known vulnerabilities in third-party vendors and targets the vendor’s user base. This type was implicated in the breach of Ticketmaster.
Magecart Group 6
This group is highly selective in its targets. It goes only for top-tier companies, such as British Airways and Newegg, to maximise data collection thanks to the high-volume traffic on these websites.
Modus Operandi of the Magecart Groups
So far, we have seen what Magecart is and how widespread its links are. Let us now move on to the modus operandi of Magecart attackers.
Step 1: Magecart attacks on Magento
There are multiple steps in this giant web skimming process. The first is to gain access to a vulnerable store’s backend.
Step 2: Modify the site’s source code
Step 3: Selling these records
Next, they sell these records on the black market in return for a hefty amount. The sold data is used to make unauthenticated online transactions, transfer money, and buy and ship goods to foreign countries.
Measures to Secure Your Magento Store from Magecart Attacks
Magento regularly releases security patches for webmasters to install. These patches fix vulnerabilities found in previous versions. As a security company, we see a lot of cases of websites being hacked due to outdated versions with known vulnerabilities. Thus, installing these patches is the easiest and best prevention method you can have for your website.
Update Plugins & Themes
In addition to the patches, Magecart hackers also hunt for bugs in third-party sources. First, make sure you only install plugins from trusted sources. Further, keep up with the latest versions of plugins and themes. Being prompt with the updates can eliminate the risk of being hacked.
Set Strict File Permissions
Besides the above two, always set strict file permissions for your website. You can also take help from this article on our blog to set file permissions on Magento.
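As an added example (not part of the original article and not Magento's own tooling), the shell functions below audit a store's web root for entries that any local user can write to and for configuration files that any local user can read. The sample tree, its Magento 2 style file names and the choice of checks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: permission audit for a store's web root (assumed layout).

# Files and directories that any local user can write to. A skimmer needs
# write access to site code, so these entries are the first to tighten.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null
}

# Configuration files that any local user can read (they typically hold
# database credentials and encryption keys).
find_world_readable_config() {
    [ -d "$1" ] || return 0
    find "$1" -type f -perm -0004 -print 2>/dev/null
}

# Print every finding; return 0 when the tree is clean, 1 otherwise.
audit_webroot() {
    status=0
    ww=$(find_world_writable "$1")
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE: /'
        status=1
    fi
    wr=$(find_world_readable_config "$2")
    if [ -n "$wr" ]; then
        printf '%s\n' "$wr" | sed 's/^/CONFIG-WORLD-READABLE: /'
        status=1
    fi
    return "$status"
}

# Constructed sample tree (not a real store) with two loose entries and one
# exposed config file; prints the path of the temporary directory.
build_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/app/etc" "$d/pub/media"
    : > "$d/app/etc/env.php"
    : > "$d/app/etc/config.php"
    : > "$d/pub/index.php"
    chmod 755 "$d" "$d/app" "$d/app/etc" "$d/pub"
    chmod 777 "$d/pub/media"          # loose: upload directory
    chmod 666 "$d/pub/index.php"      # loose: site entry point
    chmod 644 "$d/app/etc/env.php"    # readable by everyone
    chmod 640 "$d/app/etc/config.php" # acceptable
    printf '%s\n' "$d"
}
```

Call `audit_webroot` with the store's root and its configuration directory after each deployment or patch, and treat a non-zero exit status as a failed check.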
Use Two-Factor Authentication
Always, and I repeat, always use two-factor authentication for checkouts on your website. Two-factor authentication requires an added verification to confirm the authenticity of the credit card owner. This discourages any payment request made from your card even if it’s stolen.
As a customer, being super vigilant while making any transaction online will, for sure, be in your privacy’s favor. Further, as an e-commerce website on Magento, you should follow security best practices, such as stronger permission settings, two-factor authentication, and staying up to date with the current versions in all spheres of a website.
In addition to the above, use a firewall to secure your website. Investing in a firewall such as Astra’s will not only add a security layer to your website but also keep optimizing its security by learning from each stopped attack. Astra Security Suite lets you focus on your business while it takes care of your website security fully and thoroughly.