Holiday online shoppers targeted in recent Magecart attacks

December 12, 2022

During the holiday season, threat actors take the opportunity to victimise online shoppers through web-skimming attacks against the e-commerce sites that people frequent. In a recent campaign, researchers noted 44 e-commerce websites that suffered Magecart, or web-skimming, attacks in which hackers steal users’ banking and personal data.

Researchers attributed the campaign to three different threat groups, tracked as Group X, Group Y, and Group Z, which exploited e-commerce sites’ weak security to victimise online shoppers.

Each of the three groups used different attack tactics to target online shoppers.

Research reveals that Group X abused an outdated third-party platform called ‘Cockpit’, whose domain name gave them a place to serve a skimming script. After re-registering the outdated domain and creating a new setup to distribute malicious code, Group X compromised about 40 e-commerce sites and stole data from online shoppers.

According to the researchers, all data stolen from the compromised e-commerce sites was forwarded to an attacker-controlled exfiltration server in Russia.

Group Y used skimmer code comparable to Group X’s but a different distribution tactic. This group injected a script impersonating Google Analytics into the homepages of the victims’ e-commerce sites to trick people, which eventually let the malicious actors collect all accessible data.

Group Z used attack methods similar to those of the other two groups, with some modifications to the script and server architecture. In its campaigns, Group Z used a fake Google Tag Manager to launch its Magecart attacks. Like the other two groups, it aimed to steal valuable data from the victims.

Because of these evolving threats against e-commerce sites, experts advise companies to implement proactive defence mechanisms to secure customers’ data from malicious actors. Attackers’ advanced obfuscation techniques allow them to be stealthier, so it is recommended to monitor e-commerce platforms closely and patch vulnerabilities as soon as they are detected.
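One way to act on the monitoring advice above, as an added example that is not from the original article or the researchers: a script-source audit that lists every external script a page loads, flags hosts outside a reviewed allowlist (the re-registered-domain case), and marks unapproved hosts that borrow Google Analytics or Tag Manager naming. The allowlist, the brand-token heuristic and all `.example` hosts in the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the script hosts this shop has reviewed and approved.
APPROVED_HOSTS = {"www.googletagmanager.com", "www.google-analytics.com"}
# Heuristic: an unapproved host containing one of these is a look-alike.
BRAND_TOKENS = ("google", "analytics", "tagmanager")

# Constructed sample page; every non-Google host is a reserved .example name.
SAMPLE_HTML = """
<html><head>
<script src="/static/cart.js"></script>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-PLACEHOLDER"></script>
<script src="//stats.retired-widget.example/track.js"></script>
<script src="https://google-analytics.metrics-cdn.example/analytics.js"></script>
<script src="https://cdn.vendor.example/lib.js" integrity="sha384-PLACEHOLDER"></script>
</head></html>
"""

class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append((attrs["src"], attrs.get("integrity")))

def audit_scripts(html, site_host, approved=APPROVED_HOSTS):
    """Return findings for external scripts loaded from unapproved hosts."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src).hostname  # None for relative URLs
        if host is None or host == site_host or host in approved:
            continue  # relative URL, first-party, or reviewed host
        lookalike = any(token in host for token in BRAND_TOKENS)
        findings.append({
            "host": host,
            "reason": "lookalike" if lookalike else "unapproved",
            "has_sri": integrity is not None,  # Subresource Integrity pin present?
        })
    return findings

if __name__ == "__main__":
    print(audit_scripts(SAMPLE_HTML, "shop.example"))
```

Run against a saved copy of each storefront page on a schedule; a finding with `has_sri` false on a host nobody recognises is the one to investigate first.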
