IT Security Guru

Magecart and the Inter Skimmer threat

The Inter Skimmer is a hot market cybercrime item and comes prepacked and instantly deployable

by Fabian Libeau
November 10, 2020

As the global pandemic has shifted life into the online space, cybercriminal groups have keenly exploited the digitisation of society’s interactions over the lockdown period. One particularly notorious group that security teams should be aware of is Magecart, a shadowy criminal syndicate responsible for many of the recent high-profile credit card skimming attacks.

Who is Magecart?

Magecart – whose name is a portmanteau of Magento and shopping cart – is an online criminal organisation that boasts a wide portfolio of attacks against organisations across the globe. Its modus operandi is to steal the data, especially credit card information, of unsuspecting customers by inserting malicious code into the framework of legitimate company websites.

Notable examples of Magecart pilfering include the 2018 attack on British Airways (BA), in which the details of 500,000 customers were swiped by the attackers – this led to the Information Commissioner’s Office (ICO) issuing BA a £183m fine for breaching the General Data Protection Regulation (GDPR).

A slew of attacks has followed, including the most recent September 2020 strike against Warner Music Group. Underlining the scope of the threat, Magecart attacks have been recorded infecting a website every 16 minutes.

Upgrading the arsenal

Web skimming has proven to be a highly lucrative tactic in the arsenal of cybercriminal groups. This being the case, in protecting organisations, it’s important to gain an understanding of what tools threat actors use and how they have developed over time.

One tool that is being seen by security researchers with increasing ubiquity is the Inter Skimmer kit – indeed, this skimming tool is one of the most commonly used digital skimming solutions across the globe. In fact, recent research identified that Inter Skimmer is currently active on more than 1,500 websites.

A worrying aspect of the Inter Skimmer kit is that it has made the execution of web skimming attacks far more accessible to those who might not ordinarily have the know-how to conduct attacks. There is a thriving underground market for skimmers, compromised sites, and stolen data. Faced with free market competition, crooked developers have found that the easier a skimmer is to use, the more likely it is to sell.

The Inter Skimmer is a hot market cybercrime item and comes prepacked and instantly deployable. This allows prospective cybercriminals with a bit of money and a little expertise to immediately and easily begin targeting businesses. Similar to legitimate software that can be purchased, the Inter Skimmer comes with a dashboard to help generate and deploy skimming code and back-end storage to collect the skimmed payment data.

When looking at how the Inter Skimmer has proliferated, it is important to understand the underground market dynamics that have allowed it to do so. Skimmers are continuously being developed and upgraded, similar to commercially available software. This has led to the Inter Skimmer being highly efficient and more difficult to detect.

Indeed, today’s Inter Skimmers can even integrate an obfuscation service, if the actor has an API key, to access a far wider variety of obfuscation techniques. Other new features include creating fake payment forms on sites that use payment service providers, such as PayPal, and quick, automatic checks of newly exfiltrated data against previously skimmed data via MD5 and cookie information to identify and remove duplicates.

Thwarting the Inter Skimmer threat

Given the serious nature of the threat and the damage that can be wrought upon a company’s brand if it were to fall victim to a high-profile skimming attack, it’s vital that organisations contend with the potentiality of an attack.

Paramount to remaining safe is extensive knowledge and visibility of the organisation’s web-facing digital assets and their underlying JavaScript, regardless of whether it was developed by the organisation or loaded from a third-party provider as a service. As skimmer code executes on the user’s machine, seeing the world through the eyes of the user can highlight malicious changes that would otherwise go unnoticed.
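
One way to get that user's-eye visibility is to keep a reviewed inventory of every script a payment page delivers and flag anything that appears or changes. The sketch below is an added example, not code from the author or RiskIQ; the hosts, page markup and function names are constructed for illustration.

```javascript
const { createHash } = require("crypto");
const sha256 = (text) => createHash("sha256").update(text).digest("hex");

// Added example (not from the article). One record per <script>: external
// scripts are keyed by origin + path, inline scripts by a hash of their body.
// Regex parsing is a simplification; a production monitor would read the
// rendered DOM in a headless browser.
function inventoryScripts(html, pageUrl) {
  const records = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const src = /(?:^|\s)src\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (src) {
      const url = new URL(src[1], pageUrl); // resolves relative paths
      records.push({ kind: "external", key: url.origin + url.pathname, host: url.host });
    } else if (body.trim()) {
      records.push({ kind: "inline", key: sha256(body.trim()), host: new URL(pageUrl).host });
    }
  }
  return records;
}

// Report every script in `current` that the reviewed baseline does not contain.
function diffInventory(baseline, current) {
  const knownKeys = new Set(baseline.map((r) => r.key));
  const knownHosts = new Set(baseline.map((r) => r.host));
  return current.filter((r) => !knownKeys.has(r.key)).map((r) => ({
    ...r,
    reason: r.kind === "inline" ? "new-or-changed-inline-script"
      : knownHosts.has(r.host) ? "new-script-from-known-host"
      : "script-from-unreviewed-host",
  }));
}

// Constructed sample pages (hypothetical hosts, not real captures).
const PAGE_URL = "https://shop.example/checkout";
const BASELINE_HTML = `
  <script src="/js/cart.js"></script>
  <script src="https://pay.example/sdk.js"></script>
  <script>initCart({ currency: "GBP" });</script>`;
const CURRENT_HTML = `
  <script src="/js/cart.js"></script>
  <script src="https://pay.example/sdk.js"></script>
  <script src="https://cdn-metrics.example/lib.js"></script>
  <script>initCart({ currency: "GBP" }); loadExtras();</script>`;

const findings = diffInventory(
  inventoryScripts(BASELINE_HTML, PAGE_URL),
  inventoryScripts(CURRENT_HTML, PAGE_URL));
console.log(findings.map((f) => `${f.reason}: ${f.key}`).join("\n"));
```

Because the comparison covers inline code as well as third-party hosts, it flags both a newly loaded external script and an edit to a first-party snippet.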

Without a doubt, web skimmers will continue to be developed and improved through the aggressive mechanisms of black-market capitalism. For organisations to protect both their customers and their brands, they too must guarantee that their security infrastructure is being routinely developed, so that they can detect and thwart Inter Skimmer attacks as they inevitably arise.

Contributed by Fabian Libeau, VP, EMEA, RiskIQ
