For Magecart groups and other credit-card skimmers, old and new opportunities abound

At a time when big cybercrime headlines typically involve embattled ransomware gangs or cryptocurrency heists, a less-dramatic activity like online credit-card skimming can be an afterthought. The security researchers who track skimmer groups, though, say these pesky crooks shouldn’t be overlooked.

In mid-February, the cybersecurity companies Sansec and Malwarebytes warned about a specific series of intrusions on e-commerce sites by Magecart hackers — the umbrella term for criminal groups who specialize in capturing people’s credit-card data when they make purchases online. Hundreds of sites were affected by the skimmers, reports said, and most of them were running old, unsupported payment software.

It was a reminder that years of warnings hadn’t reached some corners of the e-commerce world. It was also the latest sign that a threat identified a half-decade ago was not fading away. Sansec called the latest attack methods “clever,” and Malwarebytes said Magecart groups were continuing to “expand and diversify their methods.”

February’s discoveries showed that the “low-hanging fruit” is still available for these hackers, said Steve Ginty, director of threat intelligence at Microsoft-owned RiskIQ, which wrote the first definitive report on Magecart groups in 2018 with another firm, Flashpoint. “On the flipside, there are new vulnerabilities, there are new issues with plugins and other things that these actors are taking advantage of,” he said. “So the tactics may have changed a bit.”

Skimming remains among the top threats to digital payment systems, said Michael Jabbara, vice president of global fraud solutions at Visa. The coronavirus pandemic, which kept consumers away from stores, was a bonanza for fraudsters. For e-commerce skimmers, the chip doesn’t matter. (Getty Images) “Something we know about bad actors is that they evolve as the world does,” Jabbara told CyberScoop. (Representatives of American Express and Discover declined to comment for this story, and Mastercard did not […]

Click here to view original web page at www.cyberscoop.com

On y est presque!
À quelle adresse dois-je vous envoyer le Guide?