Last Updated Jun 05, 2020 — Application Security expert

In Plain Sight II: On the Trail of Magecart

Application Security

On the surface, the breaches that impacted British Airways, Ticketmaster and Forbes seem like any other cyberattack: a bad actor finds a security hole and exploits it. But while the headlines may not appear unique, Magecart-style attacks continue to breach the websites of global companies without being detected, and that is costing millions of dollars in fraudulent credit card charges and government penalties.

New research conducted by advisory firm Aite Group revealed that 100% of the eCommerce websites examined were not protected, making them easy prey for Magecart attacks. Even more startling is the fact that it took only 2.5 hours of research to uncover the 80 compromised sites. Among the other notable findings:

  • All of the compromised websites use an outdated version of Magento, which is vulnerable to formjacking and digital card skimming
  • None of the websites used appropriate in-app protection capabilities such as code obfuscation and tamper detection
  • 25% of the sites were large brands in motorsports and luxury retail

Download the full report to learn more about the methods and techniques Magecart groups use to conduct digital card skimming and formjacking, and the security measures you can deploy to protect your website and your customers.
