Most global e-commerce sites at high risk for Magecart attacks

Just 2.5 hours of research conducted by research and advisory firm Aite Group revealed that more than 80 global e-commerce sites were actively being compromised by Magecart threat groups, which have been responsible for high-profile breaches of global enterprises.

The study, commissioned by security company Arxan Technologies, examined the impact of the threat groups, which use credit card skimming technology to infect e-commerce platforms and Web sites with the goal of stealing personal and financial information without being detected for months.

As organizations continue to rely on revenue from e-commerce activities, the potential financial impact of Magecart is “dire,” the study said. The fallout from digital skimming breaches in 2018 cost organizations hundreds of millions of dollars in government penalties alone, it said. Making matters worse, an estimated 20 percent of Web sites hit by Magecart become reinfected within five days of remediating the original problem.

The threat is widespread and growing, said Alissa Knight, cyber security analyst at Aite Group. “Because so many Web applications are lacking in-app protection, adversaries are able to easily debug and read a Web app’s JavaScript or HTML5 in plain text,” she said.

To conduct the research, Knight used a source code search engine to scour the Web for obfuscated JavaScript matching the repeating patterns she found in previously published Magecart breaches.

The research showed that 100 percent of the 80 sites discovered had no in-application protection implemented, and 25 percent of the sites discovered were large, reputable brands.

To combat the threat, the report suggested that retailers and e-commerce organizations update or patch e-commerce platforms to the latest version; audit Web code to ensure that Web sites have not been compromised; and implement a security tool that can provide alerts when suspicious activity targets Web application code.
