Web skimming

From Wikipedia, the free encyclopedia

Web skimming, formjacking or a Magecart attack is an attack in which the attacker injects malicious code, usually JavaScript, into a website and captures the data a user enters into an HTML form, typically payment card details on a checkout page. The captured data is then sent to a server under the attacker's control.[1][2]

Mitigation

Subresource Integrity (SRI), which pins a cryptographic hash of each third-party script so that the browser refuses a modified copy, and a Content Security Policy (CSP), which restricts where scripts may be loaded from and where page data may be sent, can be used to protect against formjacking. Neither stops a supply chain attack in which the legitimately published script is itself compromised, since the site would then pin the hash of the tampered version and allow its origin, although a strict connect-src or form-action directive can still limit where the stolen data may be sent. A web application firewall can also be used.[2][3]

Prevalence

A report in 2016 suggested that as many as 6,000 e-commerce sites may have been compromised via this class of attack.[4] In 2018, British Airways had 380,000 card details stolen via this class of attack.[5] A similar attack affected Ticketmaster the same year, with 40,000 customers affected by maliciously injected code on payment pages.[6]

Magecart

Magecart is the collective name for a range[7] of hacking groups, and for the skimming software they use, that inject malicious code into e-commerce sites to steal payment details.[8] As well as targeted attacks such as the one on Newegg,[9] it has been used in combination with commodity attacks that exploit vulnerabilities in Magento extensions.[10] The 'Shopper Approved' e-commerce toolkit used on hundreds of e-commerce sites was also compromised by Magecart,[11] as was the online store of the conspiracy site InfoWars.[12]

References

  1. Reddy, Niranjan (2019). Practical Cyber Forensics: An Incident-Based Approach to Forensic Investigations. Berkeley, CA. ISBN 1-4842-4460-5. OCLC 1110377452.
  2. "You Need to Protect Your Website Against Formjacking Right Now". PCMag. Retrieved 2021-05-20.
  3. Wueest, Candid. "Internet Security Threat Report - Formjacking: How Malicious JavaScript Code is Stealing User Data from Thousands of Websites Each Month". Symantec.
  4. Ismail, Nick (13 October 2016). "Stowaways: malicious skimming code hiding in almost 6,000 online shops". Retrieved 9 December 2018.
  5. Whittaker, Zack (11 September 2018). "British Airways breach caused by credit card skimming malware, researchers say". Retrieved 9 December 2018.
  6. Priday, Richard (28 June 2018). "The Ticketmaster hack is a perfect storm of bad IT and bad comms". Retrieved 9 December 2018.
  7. Whittaker, Zack (13 November 2018). "Meet the Magecart hackers, a persistent credit card skimmer group of groups you've never heard of". Retrieved 9 December 2018.
  8. Muncaster, Phil (1 October 2018). "Magecart: Time to Focus on Web Security to Mitigate Digital Skimming Risk". Archived from the original on 10 December 2018. Retrieved 9 December 2018.
  9. Osborne, Charlie (19 September 2018). "Magecart claims another victim in Newegg merchant data theft". Retrieved 9 December 2018.
  10. Cimpanu, Catalin (23 October 2018). "Magecart group leverages zero-days in 20 Magento extensions". Retrieved 9 December 2018.
  11. Leyden, John (9 October 2018). "Payment-card-skimming Magecart strikes again: Zero out of five for infecting e-retail sites". Retrieved 9 December 2018.
  12. Blake, Andrew (14 November 2018). "Alex Jones' Infowars store infected with malware capable of skimming payment data". Retrieved 9 December 2018.