Magecart, Dozens of Cybercriminal Groups, Compromise Two Million Websites

Magecart, an umbrella term composed of dozens of cybercriminal groups that conduct digital credit card-skimming attacks, has reportedly compromised upwards of two million websites and 18,000 hosts.

According to the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC), researchers at RiskIQ determined that the largest spikes in Magecart detections are a result of supply chain attacks. "A successful attack is conducted by injecting malicious JavaScript meant to victimize online shoppers as they enter payment information during checkout. An average Magecart attack usually lasts for at least 22 days. However, if it is not detected can last indefinitely," says the NJCCIC.

The NJCCIC recommends consumers disable JavaScript in their browser, as feasible, and for online merchants to block attacker domains and known malicious IPs. In addition, they advise merchants to conduct thorough security due diligence reviews of third-party services and resources.

To find out more, click here.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.