According to a new report by Malwarebytes, MageCart skimmers are upping their game when hijacking legitimate online stores’ payment pages: they display a high-quality, customized web element known as a modal that poses as the checkout page in order to steal customers’ credit card information. Some of the fake forms are better than the authentic pages.
The hackers’ payment modal forms are well designed and show relevant details of the retailer. They often look more realistic than the original site and, better yet for the attacker, the modal is not a third-party checkout, which consumers tend to distrust more.
From the user’s perspective, once their details are entered on the modal, it displays a bogus loader, then a fake error, after which the buyer is redirected to the real payment URL. At this point the data is already compromised. Lastly, to avoid exposing the operation, the skimmer drops a cookie that prevents the malicious modal from loading again. Over the past couple of months, Malwarebytes has observed that the use of these stealthy, custom modal forms is on the rise.
Roy Akerman, Co-Founder & CEO, Rezonate had this comment:
“This technique is more than a decade old. Poor security controls and overall hygiene of websites have been a constant challenge. Protocols such as 3D-Secure 2.0 and Mastercard SecureCode are two examples of ways to avoid any tampering during the purchase stage, regardless of whether the website was breached, or any MITM (man-in-the-middle) attempts from compromised endpoints able to hijack a session and steal information.
“Assuming the look and feel is flawless, and you had a reason to go into that site, and did not receive a phishing email/smishing SMS as a trigger point, you could also try first to fake your credit info as a first step and see if you hit an alert or are able to pass through.”
This is making it very, very difficult to know if a site has been compromised by a threat actor. Mr. Akerman’s advice is good, but I have to wonder how long before threat actors take that into consideration and make it impossible to spot a compromised site.
UPDATE: Baber Amin, COO, Veridium added this comment:
“Magecart or online skimming is the compromise of online shopping carts and the checkout process. Bad actors can inject malware into ill-maintained ecommerce sites.
“Additionally, all the security offered by EMV and contactless cards is nullified, when the user voluntarily enters the CC information at checkout. Not only that, but they also enter information that can be used for Identity Theft, e.g. email address, shipping address, possibly a username and a password, etc.
- It is important for website administrators to stay up-to-date with their content management system’s patches and plugins.
- Buying from reputable online vendors is the best option for end users
- If possible, use virtual cards online
- Use unique usernames and passwords on each site if you must create an account
- If they offer PayPal during checkout, use it, as it creates an indirect level of payment
- A better solution is to use services like Apple Pay and Google Pay, which replace sensitive information with arbitrary tokens (Tokenization). These services provide a more secure and convenient experience, as they use tokenization to protect sensitive information. Since these tokens disappear after each authorization, they cannot be reused if stolen. The other advantage of these services is that they work both in person and for online shopping. EMV or chip cards are reduced to the security of the older non-chip card when paying online, as there is no chip reader available.”
Here We Go Again… T-Mobile Has Yet Again Been Pwned By Hackers
Posted in Commentary with tags Hacked on May 1, 2023 by itnerd
I have honestly lost count of the number of times that T-Mobile has been pwned by hackers. Though the last time that they got pwned was earlier this year. But whatever the count is, you can add one to it as T-Mobile has been pwned again. Here are the details from Bleeping Computer:
T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023.
Compared to previous data breaches reported by T-Mobile, the latest of which impacted 37 million people, this incident affected only 836 customers. Still, the amount of exposed information is highly extensive and exposes affected individuals to identity theft and phishing attacks.
“In March 2023, the measures we have in place to alert us to unauthorized activity worked as designed and we were able to determine that a bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March 2023,” the company said in data breach notification letters sent to affected individuals just before the weekend, on Friday, April 28, 2023.
Ani Chaudhuri, CEO, Dasera had this comment:
T-Mobile’s recent data breach, which affected 836 customers and exposed extensive personal information, underscores the importance of robust data security platforms. Although this breach was not as large as previous incidents, it still leaves affected individuals vulnerable to identity theft and phishing attacks.
T-Mobile has experienced several data breaches in recent years, with the latest incident in 2023 marking their ninth disclosure since 2018. Despite facing multiple challenges, T-Mobile has consistently demonstrated a strong commitment to addressing and mitigating the impact of these breaches on its customers. Their rapid and proactive responses, such as resetting account PINs, offering free credit monitoring and identity theft detection services, and maintaining open communication with affected individuals, showcase the company’s dedication to safeguarding customer data and prioritizing security. This track record highlights T-Mobile’s resilience and ability to adapt in an ever-evolving digital landscape where data security is paramount. However, this incident also highlights an opportunity to enhance data security measures further.
One way to improve data security is by implementing comprehensive platforms that empower businesses to leverage structured and semi-structured data throughout their lifecycle safely. These platforms should offer automated data security and governance controls, continuous visibility, risk detection, and mitigation, all while aligning with business goals and ensuring seamless integration, unmatched security, and regulatory compliance.
Businesses can adopt a secure, data-driven growth strategy that minimizes risk and maximizes value by deeply understanding the four data variables – data infrastructure, data attributes, data users, and data usage. In the case of T-Mobile, a data security platform that effectively manages structured data usage could have mitigated the recent breach’s impact.
As the digital landscape evolves rapidly, businesses must prioritize data security to maintain a competitive edge. While T-Mobile’s response to the recent breach was commendable, this incident serves as a reminder that there is always room for improvement in data security measures. By adopting comprehensive data security platforms, businesses can better protect customer information and prevent future breaches.
Okay. So it’s a low number this time around. That’s not the issue. The real issue is that they keep getting pwned. It’s as if they’re not even trying to keep customer data safe. And even if that’s not the case, do you really want to be with a phone carrier who gets pwned as often as T-Mobile does?