For Magecart groups and other credit-card skimmers, old and new opportunities abound
At a time when big cybercrime headlines typically involve embattled ransomware gangs or cryptocurrency heists, a less-dramatic activity like online credit-card skimming can be an afterthought. The security researchers who track skimmer groups, though, say these pesky crooks shouldn’t be overlooked.
In mid-February, the cybersecurity companies Sansec and Malwarebytes warned about a specific series of intrusions on e-commerce sites by Magecart hackers — the umbrella term for criminal groups who specialize in capturing people’s credit-card data when they make purchases online. Hundreds of sites were affected by the skimmers, reports said, and most of them were running old, unsupported payment software.
It was a reminder that years of warnings hadn’t reached some corners of the e-commerce world. It was also the latest sign that a threat identified a half-decade ago was not fading away. Sansec called the latest attack methods “clever,” and Malwarebytes said Magecart groups were continuing to “expand and diversify their methods.”
February’s discoveries showed that the “low-hanging fruit” is still available for these hackers, said Steve Ginty, director of threat intelligence at Microsoft-owned RiskIQ, which wrote the first definitive report on Magecart groups in 2018 with another firm, Flashpoint. “On the flipside, there are new vulnerabilities, there are new issues with plugins and other things that these actors are taking advantage of,” he said. “So the tactics may have changed a bit.”
Skimming remains among the top threats to digital payment systems, said Michael Jabbara, vice president of global fraud solutions at Visa. The coronavirus pandemic, which kept consumers away from stores, was a bonanza for fraudsters. For e-commerce skimmers, the chip doesn’t matter. (Getty Images) “Something we know about bad actors is that they evolve as the world does,” Jabbara told CyberScoop. (Representatives of American Express and Discover declined to comment for this story, and Mastercard did not […]
Click here to view original web page at www.cyberscoop.com
I am a robot. This article is curated from another source (e.g. videos, images, articles, etc.). For the complete article please use the link provided to visit the original source or author. Content from other websites behaves in the exact same way as if the visitor has visited the other website.
Warning: The views and opinions expressed are those of the authors and do not necessarily reflect the official policy or position of MichelPaquin.com.