Magecart, an umbrella term composed of dozens of cybercriminal groups that conduct digital credit card-skimming attacks, has reportedly compromised upwards of two million websites and 18,000 hosts.

According to the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC), researchers at RiskIQ determined that the largest spikes in Magecart detections are a result of supply chain attacks. "A successful attack is conducted by injecting malicious JavaScript meant to victimize online shoppers as they enter payment information during checkout. An average Magecart attack usually lasts for at least 22 days. However, if it is not detected can last indefinitely," says the NJCCIC. 

The NJCCIC recommends consumers disable JavaScript in their browser, as feasible, and for online merchants to block attacker domains and known malicious IPs. In addition, they advise merchants to conduct thorough security due diligence reviews of third-party services and resources.

To find out more, click here.