Could a Magecart Attack Hit Your E-Commerce Website?

Nearly 17,000 e-commerce websites have had their online shopping carts compromised since April 2019 by the latest and scariest new cyberattack tactic: Magecart attacks.

These numbers are staggering, and the attacks are proving frustratingly difficult to stop. Worse, the ramifications will be real and painful for any merchant that gets hit. After all, how can any merchant ever regain the trust of its customers if its online shopping cart has been proven untrustworthy?

In the fight to stop these terrifying attacks, here’s what every e-commerce merchant needs to know.

What Is a Magecart Attack?

According to a new report from threat intelligence firm RiskIQ, the hackers exploit vulnerabilities that website owners create when they inadvertently misconfigure their Amazon Web Services (AWS) S3 storage. S3 stores data in cloud-based “buckets” that hold important data – including credit card numbers collected by e-commerce websites.

AWS S3 buckets are secure when their default settings are used; however, many companies customize these settings. If the customization is misconfigured, a security gap opens: the misconfiguration can allow anyone with an AWS account not only to read the contents of the “bucket” but also to write new code into it – such as code that steals card data from an e-commerce site.
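The misconfiguration described above is visible in two places: the bucket's ACL (a WRITE or FULL_CONTROL grant to the AllUsers or AuthenticatedUsers group) and the bucket policy (an Allow statement for principal `*` that includes `s3:PutObject`). The following audit script is an added example for this article, not code from the page or from RiskIQ. It works on the response shapes that boto3's `get_bucket_acl` and `get_bucket_policy` return; the ACL and policy at the bottom are constructed samples of a bucket that was "customized" to let any AWS account holder write to it, and `audit_live_buckets` (which assumes boto3 and AWS credentials are present) shows how to run the same checks across a real account.

```python
"""Audit an S3 bucket's ACL and bucket policy for grants that let
anyone (or any AWS account holder) write objects into it.

Added example, not code from the article or from RiskIQ. The sample
ACL and policy below are constructed; the check functions accept the
dicts/JSON that boto3 returns, so they also work on live data.
"""
import json

# The two pre-defined S3 groups that make a grant effectively public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
# WRITE lets the grantee add or overwrite objects; FULL_CONTROL implies WRITE.
WRITE_PERMS = {"WRITE", "FULL_CONTROL"}
# Policy actions (lower-cased) that allow uploading/overwriting objects.
WRITE_ACTIONS = {"s3:putobject", "s3:*", "*"}


def risky_acl_grants(acl):
    """Return (group, permission) pairs that let a public group write to the bucket."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue
        group = PUBLIC_GROUPS.get(grantee.get("URI"))
        if group and grant.get("Permission") in WRITE_PERMS:
            findings.append((group, grant["Permission"]))
    return findings


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def risky_policy_statements(policy):
    """Return Sids of Allow statements that grant object-write actions to principal '*'."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        is_anyone = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))
        )
        if not is_anyone:
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if actions & WRITE_ACTIONS:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


def audit_bucket(acl, policy=None):
    """Combine both checks into one list of human-readable findings."""
    findings = [f"ACL grants {perm} to {group}" for group, perm in risky_acl_grants(acl)]
    if policy:
        findings += [f"policy statement {sid} allows '*' to write"
                     for sid in risky_policy_statements(policy)]
    return findings


# Constructed sample: owner keeps FULL_CONTROL, but AuthenticatedUsers was given WRITE.
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "WRITE"},
    ],
}
# Constructed sample: public read is intentional, the upload statement is the problem.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "OpenUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})


def audit_live_buckets():
    """Run the same checks on every bucket in the current account (assumes boto3 + credentials)."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    report = {}
    for bucket in s3.list_buckets()["Buckets"]:
        name = bucket["Name"]
        acl = s3.get_bucket_acl(Bucket=name)
        try:
            policy = s3.get_bucket_policy(Bucket=name)["Policy"]
        except ClientError:
            policy = None  # NoSuchBucketPolicy: bucket has no policy attached
        report[name] = audit_bucket(acl, policy)
    return report


if __name__ == "__main__":
    for line in audit_bucket(SAMPLE_ACL, SAMPLE_POLICY):
        print("FINDING:", line)
```

Any finding from `audit_bucket` is worth treating as an incident, not just a hygiene item: a bucket that serves JavaScript to a storefront and is writable by arbitrary AWS accounts may already have been modified, so the follow-up is to diff the objects against a known-good copy, not only to fix the grant. Enabling S3 Block Public Access on the account prevents the ACL and policy variants shown here from being set in the first place.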

The result is a compromised checkout process. As a customer inputs their credit card details into a cart payment form, the malicious code skims these details and sends the data to the hackers’ servers. This stolen data — including the customer’s name, credit card and CVV number, and expiration date — then often finds its way to the dark net, where it’s purchased and used by other fraudsters.
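Because the skimmer runs as JavaScript inside the merchant's own checkout page, one practical control is to fetch that page on a schedule and compare every `<script>` it carries against a known-good baseline: external scripts by origin, inline scripts by hash. The monitor below is an added example for this article, not code from the page; both HTML documents are constructed samples, and `cdn.example-bad.test` is a placeholder for an origin that is not on the baseline.

```python
"""Flag scripts on a checkout page that a known-good baseline does not account for.

Added example, not code from the article. The two HTML documents are
constructed samples; the second one carries an extra script tag from an
origin the baseline has never seen.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from an HTML document."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        # HTMLParser hands script bodies to handle_data as raw text.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def script_inventory(html):
    """Return (set of external script origins, set of sha256 hashes of inline scripts)."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    origins = set()
    for src in parser.external:
        url = urlsplit(src)
        # Absolute and protocol-relative URLs carry a host; same-site paths do not.
        origins.add(url.netloc.lower() if url.netloc else "<same-origin>")
    hashes = {hashlib.sha256(body.strip().encode()).hexdigest() for body in parser.inline}
    return origins, hashes


def find_unexpected_scripts(html, baseline_origins, baseline_inline_hashes):
    """Return origins and inline-script hashes present on the page but absent from the baseline."""
    origins, hashes = script_inventory(html)
    return {
        "new_origins": sorted(origins - set(baseline_origins)),
        "new_inline_scripts": sorted(hashes - set(baseline_inline_hashes)),
    }


# Constructed sample: the checkout page as deployed (payment provider + own app script).
KNOWN_GOOD = """<html><body>
<form id="checkout"><input name="card_number"></form>
<script src="https://js.example-psp.com/v3/checkout.js"></script>
<script src="/static/app.js"></script>
<script>window.shop = {currency: "USD"};</script>
</body></html>"""

# Constructed sample: same page with one extra script from an unknown origin.
TAMPERED = KNOWN_GOOD.replace(
    "</body>",
    '<script src="//cdn.example-bad.test/jquery.min.js"></script>\n</body>',
)

BASELINE_ORIGINS, BASELINE_HASHES = script_inventory(KNOWN_GOOD)

if __name__ == "__main__":
    print(find_unexpected_scripts(TAMPERED, BASELINE_ORIGINS, BASELINE_HASHES))
```

Run it from the same network path a customer would use, since a skimmer delivered via a compromised third-party script shows up in the served page rather than in the merchant's repository. A non-empty `new_origins` or `new_inline_scripts` result is the trigger to pull the page's scripts for review. The same allowlist of origins can be enforced in the browser with a Content-Security-Policy `script-src` directive, which turns the detection into prevention for any script the policy does not name.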

Why These Attacks Are Increasing

Perhaps surprisingly, Magecart attacks aren’t anything new. Since as early as 2015, cybercriminals have used Magecart attacks to take advantage of vulnerabilities that let JavaScript files be overwritten.

One reason these attacks are on the rise in recent months is that the scripts are cheap to buy – costing between $250 and $5,000 in underground forums – and easy to customize to maximize the damage.

In fact, the attacks are so easy to run that attackers have been changing their tactics and using a “spray and pray” approach. Rather than explicitly targeting specific websites with known security gaps, today’s attackers are casting a wide net and altering the code even on websites that have nothing to do with e-commerce. And once the code has been installed, it can be frustratingly difficult to find and remove.

Worse, many websites use the same AWS S3 buckets – meaning that altering the code in one bucket could ultimately impact multiple sites. One attack reported in early July 2019 hit nearly 1,000 online retailers and resulted in customers’ credit card details being stolen in less than 24 hours.

It’s not just small sites that are vulnerable, either. In 2018, industry giant British Airways had 380,000 customers’ payment details stolen in a Magecart attack. Ticketmaster and Newegg are also thought to have been hit by Magecart attacks.

How E-Commerce Merchants Can Protect Their Websites

Every retailer selling online needs to understand that their platform could be targeted at any time by fraudsters launching Magecart. These cybercriminals have also begun experimenting with new, even subtler techniques that are harder for merchants to detect and can collect more data, such as login credentials.

Merchants running old versions of a shopping platform are especially at risk, which is why it’s critical to update and patch content management platforms routinely.

In the end, it might be that a simple, proactive approach to website security is the easiest and most effective way to avoid being compromised and ensure the safety and security of the business’s data and revenue.
