New Magecart credit card skimming group is targeting ad-related websites


This article originally appeared in SiliconANGLE on January 16, 2019.

A new subgroup of the Magecart digital credit card skimming gang has been detected targeting advertising-related websites with a new strain of malware, security researchers from RiskIQ Inc. revealed today.

Dubbed Magecart Group 12, the subgroup is said to have been founded in September. It’s specifically gaining access to targets via third-party suppliers of code meant to improve websites, such as content delivery networks.

In one case that targeted French ad agency Adverline, the Magecart group inserted code via the company’s CDN provider to steal credit card data. “In this case, the group compromised a content delivery network for advertisements to include a stager containing the skimmer code so that any website loading script from the ad agency’s ad tag would inadvertently load the Magecart skimmer for visitors,” the researchers explained.

Related Magecart attacks have resulted in the theft of data from Newegg Inc., the Infowars Store, Cathay Pacific Airways Ltd., British Airways, Ticketmaster Entertainment Inc. and, earlier this month, Oxo International Ltd.

Mike Bittner, digital security and operations manager for The Media Trust, told SiliconANGLE that the new malware strain is yet another sign of how sophisticated and organized bad actors have become. “It has not only affected the French ad agency, but at least two large digital ad technology vendors, who saw a malicious domain pop up in their payment pages, but were able to thwart the infection by continuously monitoring their digital ecosystem for unauthorized code and terminating the malware at its source,” Bittner explained.

“Other players along the supply chain should be just as vigilant, especially retail sites at the receiving end of infected ads and whose users will inevitably be affected. If EU consumer information is stolen, affected companies could face General Data Protection Regulation fines.”

Matan Or-El, co-founder and chief executive officer of Panorays Inc., noted that the new attack underscores the need for enterprises to assess and manage the risk from third parties and the supply chain constantly.

“A crucial tool for enterprises would be a system that automates this process and shines the light on those vendors and partners who pose the biggest threat to an enterprise’s data,” Or-El said.