Digital Data Skimmers : Magecart
It might be better to start by explaining what Magecart is. Magecart is a kind of data skimming, which attacks aim to capture sensivitive data from web-based payment methods. Malicious hacker groups target online payment systems. These attacks use client-side web browser to access any information entered by a customer. For instance, a customer who making an online shopping, has to enter credit card information to complete payment. However, he/she has no idea that what kind of thing is running in backend. When he/she enters card informations in the fields, attackers gather these valuable datas. As a result, cybercriminals reach their purpose by injecting javascript code.
How Does Magecart Work?
Magecart is just like physical skimming. Everything is the same as you visited before but something had been changed in background and you cannot realise that. That’s why, online skimming is more effective because it’s harder to detect.
Shortly, malicious hackers gain access to online store’s source code by using unpatched software flaw, a keylogger is installed to server that funnels payment data to a collection server.
The Impact of Magecart Attacks
- Reputational damage : If a company’s website is subject to such an attack, it will turn into an unreliable place for existing and future customers.
- Financal Loss : If such attacks occur frequently, customers with revenue streams start choosing other companies. There may be a serious reduction in company revenue.
- Regulatory issues: Companies exposed to such an attack can face legal sanctions.
How Can You Prevent Magecard Attacks?
The weakest link in cyber security chain could be human. That’s why;
- You must provide your employees with cyber security awareness training.
- Develop security governance documentation.
- Make sure that your software, hardware and tools are patched and up to date.
- if your employees use their own devices at work,then make sure that these are held to the same standards and that they follow security policies.
Sources:
