Stop Digital Skimming And Magecart Attacks with PerimeterX

What Is Digital Skimming?

Often called online card skimming, a digital skimming attack steals credit card or payment data from your web visitors. Bank ATMs and gas station or retail point-of-sale systems have long suffered physical skimming, where attackers install stealthy skimming devices and cameras to steal credit/debit card numbers and PINs. Digital skimmers do the same thing on web pages: they hijack the path to the payment page or any other form and present their own payment page to unsuspecting users. Formjacking was the term originally used when hackers modified forms on web servers and collected PII.

Attackers take advantage of security weaknesses in third-party client-side code, including JavaScript and open source libraries. Often they use known or zero-day vulnerabilities in third-party code as an opening to gain access to websites and mobile applications. Many developers also mistakenly commit secret access credentials to their GitHub repositories, where they leak; once attackers have those credentials, they control the content. Digital skimmers inject malicious code into the third-party scripts on your website and steal credit card data. These attacks are also called website supply chain attacks, since the main threat comes from the third-, fourth- or fifth-party scripts and libraries that websites load.

Magecart: the Most High Profile Digital Skimming Attack

Magecart is a style of digital skimming attack on web and mobile applications. In the British Airways attack, one of the Magecart groups modified an existing script to skim customer payment information, unbeknownst to the users or to British Airways. Website operators have no visibility into what happens inside their users’ browsers when their client-side code is changed.

Magecart hackers inject an unwanted piece of JavaScript code into checkout pages or modify paths to checkout pages to “skim” sensitive information. Magecart attackers also obfuscate the injected code and geofence their target website to a country or region to stay undetected.

The injected code waits for users to fill out forms with their credit card numbers or other personal information. The information is transmitted directly from the user’s browser/device to a site controlled by the attacker. Once they’ve stolen this data, cybercriminals are free to go shopping on the users’ accounts or resell the stolen information on the dark web.

A Growing Menace to E-Commerce

As online shopping continues to grow, so do cybercrimes. Within a 12-month period from 2017 to 2018, Magecart, a loosely organized group of cybercriminals, breached more than 12 third-party software vendors. For today’s e-commerce companies, digital skimming is the new normal. In 2019, British Airways paid $230 million in regulatory fines - all stemming from a Magecart attack in 2017.

For hackers, this type of attack brings in big profits with very little effort. In one reported case, the attack was as simple as a single line of HTML that loaded a malicious script used to carry out an attack on thousands of websites.

The majority of digital skimming attacks target third-party content management systems and online shopping cart systems. Merchants rely on them to make their e-commerce sites more seamless and user-friendly. But these third-party tools are under constant attack by digital skimmers looking to exploit their security vulnerabilities.

To avoid detection, attackers will hide malicious code inside good code. Merchants and customers might be unaware of the code change or the breach for days or even months in some cases. As of Oct 2019, none of the Magecart hackers have been caught.

How Are Companies Fighting Digital Skimming and Magecart Attacks?

Sadly, there are no good options if you rely on existing security solutions like Web Application Firewalls. Some companies are placing their bets on static scanning of their site, not realizing the dynamic nature of Magecart attacks. Solutions like sandboxing create significant hurdles in the website development process and break continuous integration/continuous deployment cycles. Content Security Policy (CSP) is also the first resort for many web application security professionals. CSP, originally designed to protect against cross-site scripting (XSS), needs a lot of tuning. CSP provides no visibility into first- or third-party scripts or site activity, and it doesn’t cover new and sophisticated attacks.
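To make the tuning point concrete, here is an added example (not PerimeterX code, and not any real site's policy) that evaluates a loosely written CSP and a tightened one against the two things a skimmer needs on a checkout page: loading its script, and sending captured form data to its own server. The site, CDN and attacker hostnames are constructed placeholders, and only the CSP source expressions the example uses are implemented.

```javascript
// Added example (not PerimeterX or any site's code): checking a CSP against
// what a skimmer needs on a checkout page: load its script, then send data out.
const SITE = "https://shop.example";            // constructed first-party origin
const CDN = "https://cdn.example/checkout.js";   // constructed legitimate script
const EXFIL = "https://exfil.example/collect";   // constructed attacker endpoint

// Parse "directive src src; directive src" into { directive: [sources] }.
const parseCsp = header => Object.fromEntries(
  header.split(";").map(p => p.trim().split(/\s+/)).filter(([n]) => n)
        .map(([n, ...v]) => [n, v]));

// Fetch directives fall back to default-src when absent; form-action does not.
const FALLS_BACK = new Set(["script-src", "connect-src", "img-src"]);

// Does `policy` let `directive` reach `url`? Only the source expressions used
// here are implemented: 'none', 'self', *, a bare scheme, a host or *.host.
function cspAllows(policy, directive, url) {
  let sources = policy[directive];
  if (!sources && FALLS_BACK.has(directive)) sources = policy["default-src"];
  if (!sources) return true;                     // unrestricted
  const target = new URL(url);
  return sources.some(src => {
    if (src === "'none'") return false;
    if (src === "*") return true;
    if (src === "'self'") return target.origin === SITE;
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return target.protocol === src;
    const host = src.replace(/^[a-z]+:\/\//, "").split("/")[0];
    if (host.startsWith("*.")) return target.hostname.endsWith(host.slice(1));
    return target.hostname === host;
  });
}

// Which skimmer steps does the policy stop, and does the real CDN script still
// load? (A policy that breaks checkout gets switched off, not tuned.)
function evaluate(header) {
  const p = parseCsp(header);
  return {
    cdnLoads: cspAllows(p, "script-src", CDN),
    scriptBlocked: !cspAllows(p, "script-src", EXFIL),
    exfilBlocked: !cspAllows(p, "connect-src", EXFIL),
    formHijackBlocked: !cspAllows(p, "form-action", EXFIL),
  };
}

// A common first attempt: "https:" admits any HTTPS host, the attacker's included.
const LOOSE = "default-src 'self' https:; script-src 'self' https:";
// Tuned: named script hosts only; connections and form posts first-party only.
const TIGHT = "default-src 'self'; script-src 'self' https://cdn.example; " +
              "connect-src 'self'; form-action 'self'";
```

Even the tuned policy only blocks; it reports nothing about what the scripts it did allow are doing in the browser, which is the visibility gap the paragraph describes.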

Stop Digital Skimming Attacks Like Magecart with PerimeterX Code Defender

PerimeterX Code Defender safeguards your website and user data from client-side attacks. It provides visibility into scripts running on the client-side and identifies any suspicious signs and changes, preventing compromised scripts from hijacking your users’ data. Every user’s execution of every script is monitored to achieve full visibility.

By leveraging real-time, behavior-based analysis and machine-learning models, Code Defender delivers the most accurate detection of digital skimming threats. With deep knowledge of how attackers think and act, it protects your digital business from the latest generation of cyberattacks.

© PerimeterX, Inc. All rights reserved.