Automated Cyber Attack Payment Card Skimming Hits 2,000 E-Commerce Sites

Researchers: Hackers May Have Used Magento Zero-Day Exploit

In the largest automated hacking campaign since at least 2015, from September 11-14, malicious JavaScript skimming code was injected into nearly 2,000 e-commerce sites that were running an older version of Adobe’s Magento software, possibly resulting in the theft of payment card data. It was the largest automated campaign on record, surpassing a breach in July 2019 that hacked 962 stores in a single day.

From September 11th through the 14th, security researchers spotted 10 infected e-commerce sites on Friday, 1,058 on Saturday, 600 on Sunday, and 233 on Monday.

“Tens of thousands” of consumers’ payment card data potentially could have been exposed in this skimmer attack, according to the report.

The targeting of e-commerce sites is described as “a typical Magecart attack.” Magecart is an umbrella term used to describe groups that inject malicious code to intercept payment information. The actual payments are being exfiltrated to a Moscow-hosted site, according to the report.

The number of sites that were targeted in a four-day period indicates some form of automation was likely used. Cybercriminals have been increasingly automating their hacking operations to run web skimming schemes.

On June 30th, Adobe stopped supporting the 12-year-old Magento 1 e-commerce platform that all targeted sites were still using. Adobe has urged customers to upgrade to the newer platform, but research shows about 95,000 e-commerce sites still rely on the older version. The hackers may have used a zero-day exploit for Magneto that was being sold on a darknet forum.

According to Adobe, this issue did not impact customers on the latest version of Magento 2. Adobe Magento is one of the world’s most widely used e-commerce platforms, with about 250,000 users, according to Adobe’s website.

Banks should do what they can to ensure that their commercial customers using e-commerce platforms are aware of the risks and are updating their software as needed. This is especially important for smaller businesses without the resources of a giant online retailer. Customers should also be encouraged to check their balances frequently as these automated attacks are likely to increase in the coming months and years.

If you have questions about IT security for your bank, contact ITPAC today.