The cybercriminal group Magecart has struck again, this time injecting their payment card data-skimming script into the subscription page of Forbes Magazine. The malicious script collects credit card information, which includes the customers’ names, addresses, contact numbers, and emails as well as the credit cards’ expiration dates and CVV/CVC verification codes. The malicious script has since been removed from Forbes’ subscription page.
The malicious activity, uncovered by Bad Packets’ Troy Mursch, is just one among a string of Magecart-related incidents. Last week, security researchers Willem de Groot and Yonathan Klijnsma spotted Magecart targeting web-based service providers, including CloudCMS, Picreel, and AdMaxim.
Magecart’s operations typically involve compromising a target’s supply chain in order to gain unfettered access to troves of personally identifiable information. Their targets’ online infrastructures are usually connected to or used by other service providers, so compromising one target in turn lets the group expand its reach and cast a wider net of potential victims. The stolen data can then be monetized in the cybercriminal underground or abused to perpetrate identity theft or fraud.
Supply chain attacks rely on an organization’s lack of visibility into its attack surface, which, in Magecart’s case, is insecure third-party code running on its web applications. This highlights the importance of security by design: ensuring the security of the components used to run applications or websites, especially those that store and manage sensitive data.
Security and IT teams, programmers, and developers can further strengthen their website’s security with these best practices:
Regularly patch and update the software or component being used by the web-facing application or website.
Restrict or disable outdated or unnecessary third-party plug-ins or components, especially if they are no longer issued with patches.
Test and vet the website’s security, availability, and integrity as regularly as necessary.
Proactively monitor the website or application for unusual activities that may indicate compromise, such as the execution of anomalous scripts or unauthorized access to data.
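The last practice above, monitoring a page for scripts that were never part of its baseline, is the control that catches a skimmer injected the way Magecart injected one into a subscription page. The following is an added example written for this article; it is not code from Forbes, Bad Packets, or the researchers named above. It assumes a constructed baseline of script origins and inline-script digests (all hostnames use the reserved .invalid domain and are hypothetical), parses a page with the standard library, and reports every external script from an unknown origin and every inline script whose digest is not in the baseline. The digest format matches what a Subresource Integrity `integrity` attribute expects, so the same values can seed an SRI deployment.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed baseline: origins the site legitimately loads scripts from.
# Hypothetical names, not any real publisher's infrastructure.
KNOWN_SCRIPT_ORIGINS = {
    "https://www.example-publisher.invalid",
    "https://cdn.example-publisher.invalid",
}


class ScriptCollector(HTMLParser):
    """Collect every <script> on a page: external src URLs and inline bodies."""

    def __init__(self):
        super().__init__()
        self.external = []      # src attribute values
        self.inline = []        # raw inline script bodies
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        # html.parser treats <script> content as CDATA, so the body arrives here verbatim.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def sri_hash(script_body: str) -> str:
    """Subresource Integrity style digest ('sha256-<base64>') of a script body."""
    digest = hashlib.sha256(script_body.encode("utf-8")).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")


# Constructed baseline of inline scripts the site is known to ship.
KNOWN_INLINE_HASHES = {sri_hash('window.siteConfig = {currency: "USD"};')}


def audit_scripts(html: str, known_origins, known_inline_hashes):
    """Return findings for every script that is not in the baseline."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        parsed = urlparse(src)
        if not parsed.netloc:
            continue  # relative path: served by the site itself, covered by its own integrity checks
        # Protocol-relative URLs ("//host/x.js") have no scheme; assume https for the origin string.
        origin = f"{parsed.scheme or 'https'}://{parsed.netloc}"
        if origin not in known_origins:
            findings.append({"kind": "external", "where": src, "reason": "unknown origin"})
    for body in collector.inline:
        digest = sri_hash(body)
        if digest not in known_inline_hashes:
            findings.append({"kind": "inline", "where": digest, "reason": "inline script not in baseline"})
    return findings


# Constructed sample page: one known external script, one known inline script,
# then two scripts that a deployment never approved.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example-publisher.invalid/checkout.js"></script>
<script>window.siteConfig = {currency: "USD"};</script>
<script src="https://static-assets.invalid/jquery.min.js"></script>
<script>var started = new Date();</script>
</head><body></body></html>"""

if __name__ == "__main__":
    for finding in audit_scripts(SAMPLE_PAGE, KNOWN_SCRIPT_ORIGINS, KNOWN_INLINE_HASHES):
        print(finding)
```

Run against a scheduled fetch of each payment or subscription page, the audit turns "anomalous script" from a vague goal into a concrete diff against an approved baseline; any finding is a change that either a deployment explains or an incident responder investigates. A Content Security Policy restricting `script-src` to the same origin list enforces the baseline in the browser, and the `sri_hash` output doubles as the `integrity` value for third-party scripts that rarely change.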