This article originally appeared in Journal of Cyber Policy on September 12, 2018.
NEWS:
RiskIQ data shows Magecart was behind the British Airways breach by compromising javascript on the airline’s website with an extremely targeted attack.
Researchers from RiskIQ have published details on the British Airways data breach that impacted 380,000 booking transactions between August 21 and September of this year linking it to Magecart, a known for web-based credit card skimming, that likely used a cross-site scripting attack. The group also invested time into targets to find ways to breach specific high-profile companies, like Ticketmaster https://www.riskiq.com/blog/labs/magecart-british-airways-breach/
COMMENT:
Mike Bittner, digital security and operations manager at The Media Trust:
“The British Airways and Ticketmaster breaches demonstrate two things: the failure of some developers and software engineers to integrate security measures in designing web apps and organized cybercriminals’ continued exploitation of the resulting web app vulnerabilities to stage their attacks. The tools and techniques to prevent cross-site scripting and SQL injections have been around for a while, but they continue to be ignored. Developers should determine what is safe user input and reject all others, be they text, javascript or any unauthorized code. Website operators should carefully vet third-party web app providers to ensure their products have the right security measures in place. Second, they should test their web apps to ensure they are not vulnerable to attacks involving cross-site scripting or SQL injections. Finally, they should continuously scan their sites in real-time to detect any unauthorized code. Anything less than a pro-active, comprehensive approach to securing their sites could amount to infringement of a growing number of consumer data privacy regulations like GDPR.”