New Wave of Cyber-attacks: “Magecart” May Cost Online Shoppers and Card Companies $500 Million a Month
November 2018 by CyberInt
Since the recent cyber-attacks on Ticketmaster and retailer Newegg, international cyber security company CyberInt has identified an additional 32,000 smaller online retailers who have also been hit with similar tactics, techniques and procedures (TTP) exploiting vulnerabilities in the online commerce platform. The attack has been dubbed “Magecart.”
The new malware scrapes data from online store and commerce pages and uses it to “skim” shoppers’ credit-card details from legitimate online checkout pages. Neither the retailer nor the customers see that anything untoward has occurred.
CyberInt has been tracking the attacks since August – right after the ABS-CBN breach. Based on the expected volume of stolen credit card details, it is safe to assume the organized criminal gangs (OCGs) concerned could be making as much as US$11.4 million a month out of these hacks alone, although the cost to their victims is many times more.
The average cost of a card stolen online for the customer and card issuer is almost $1,100. Based on the cases CyberInt identified in one month alone, point-of-sale scraping of the 32,000 retailers recently hit could cost customers and card companies roughly $500 million a month, with this figure likely to grow substantially as the shopping season starts in earnest.
Whilst there is no indication as to what those behind the attacks are doing with their huge haul of stolen payment card data, such data is often resold and exchanged in a buoyant underground “carding” economy.
Credit card details retail on the Dark Web for around US$25 each.
“In all the attacks we have monitored, the TTP used by the cybercriminals resemble those used by Russian OCGs,” says CyberInt Lead Researcher, Jason Hill.
The reason for the concentration of OCGs inside Russia is that cybercrimes perpetrated on enterprises and individuals outside the country are not prosecuted inside Russia. This has given the OCGs a free hand to develop and deploy sophisticated malware such as “Magecart” in the run-up to 2018’s shopping season.
Given the apparent success of the attacks thus far, it is likely that more clusters of TTP and potential threat actor profiles will continue to evolve.
Retailers and Criminals in Cyber-race to Christmas
“CyberInt is doing its best to help avert the threat of a monumental global rip-off of online retailers and the consumers they serve during the coming holiday season, when retailers generally expect to make roughly 40% of their annual sales,” says CyberInt CEO Amir Ofek. “Small retailers are particularly vulnerable as they are often a soft target for OCGs. We expect that the number of retailers targeted will continue to grow especially as we head toward the holiday season, an online retail peak.”
This month’s seasonal sales days, Black Friday (November 23) and Cyber Monday (November 26), are now rapidly drawing retailers and criminals into a neck-and-neck cyber-race. CyberInt is already seeing a rapid escalation in the number of online retailers being targeted by OCGs, who are increasingly using nation-state-style attacks and sophisticated TTPs to create unnoticeable hacks that often sit on the retailers’ systems undetected for weeks.
Sophisticated detection and cyber analytics are now the only effective counter-measures for retailers to adopt; targeted threat intelligence, real-time technology, automation, cyber expertise, and holistic digital risk protection will make or break the holiday season for both sides - the retailers and the cybercriminals.