Casting a defensive spell against Magecart attacks

One of the hottest holiday trends in e-commerce is a new cybercrime technique.

Magecart sounds like something out of “Harry Potter,” but is a very real online fraud tool that should scare retailers far more than anything from the world of wizards. I recently discussed Magecart with Randy Pargman, senior director of threat hunting & counterintelligence at Ohio-based cybersecurity company Binary Defense. Pargman, who also spent 15 years as a computer scientist with the FBI, described how Magecart works.

“(Hackers) gain access to an e-commerce site and install JavaScript to collect card data and send it to the attacker every time a customer makes a purchase,” said Pargman. “Retailers may use services to check their sites for new script, but the attackers can analyze the checks, and if one is different enough from normal site visits the attacker can analyze where it’s from and return the regular site if they recognize the IP address. This allows Magecart attackers to only run the malicious script when a customer makes a purchase.”

Pargman and many other cybersecurity experts have been warning that Magecart attacks are rapidly growing as the holidays approach. A recently discovered Magecart-related data breach at Macy’s bears this out. 

“Online retailers like Macy’s are prime targets for Magecart, because data is easily stolen during checkout, often through third parties, as customers enter their credit cards,” commented Elad Shapira, head of research at security management platform Panorays. 

So how do retailers stop this seemingly supernatural villainy from ruining the holidays? Fortunately, there are a few real-world solutions that can help banish Magecart attacks back into the gloomy underworld of online retail fraud.

First, as recommended by web security provider PerimeterX, retailers must make sure they are tracking any first- and third-party code being added to their website in real time. Any code from a domain that has suspicious characteristics, such as being recently launched or originating from known hacker trouble spots like Russia or Eastern Europe, should be flagged for immediate review.

Second, retailers must consult with any and all third parties, such as online marketplaces, payment processors, or even maintenance service providers, that may provide entry points to their network. Make sure any entity that has any legitimate reason to have access to any part of your enterprise is aware of Magecart and actively taking preventative steps. 

Third, as recommended by Justin Fox, director of devops engineering for NuData Security, a Mastercard company, retailers need to start verifying the legitimacy of their buyers by using information beyond credit card numbers or other personally identifying data.

“This is where behavioral technologies are providing companies with higher assurance establishing the legitimacy of their customers, even when their stolen credentials are used,” advises Fox.

Finally, retailers must always remain vigilant and active in their online security activities. Stay current with the latest trends and solutions, and always be willing to upgrade or update your existing security infrastructure. Magecart may have become old news by the time the 2020 holiday season rolls around, but cyberattacks will always remain in fashion.