Why Aren’t Online Shopping Carts Safe?

Rhett Greenhagen
Dec 10, 2020

Due to the prevailing COVID situation around the world, online shopping has experienced a boost. In April, it was reported that over 5.2 Million households shopped online in the US. From alcohol to electronics, the majority of items are now available online. Online shopping is convenient, and contactless delivery also makes it the “safest” option.

With shoppers spending more time online, questions arise about the security of these platforms. The preference for online shopping was rising before the virus hit, but it wasn’t as popular as it is now. This implies that online retailers have more traffic on their platforms than before. As more customer data is shared on these platforms, both the customers and the site are exposed to attacks. Shopping carts are central to attacks on these sites. From adding items to buy to building up a “wish list”, shopping carts hold the most information. This makes them attractive targets for hackers and scammers.

Shopping Cart Attacks Explained

Shopping carts facilitate every purchase. Once customers add products to the shopping cart, they are taken to the payment gateway for online payment. This page can be exploited and is the catalyst for credit card fraud. Skimming attacks such as “Magecart attacks” depend heavily on shopping carts and payment gateways. The term “Magecart” refers to a group of hackers who actively exploit shopping cart systems. A popular attack since 2014, Magecart attacks were known to cause an upheaval of established payment platforms in 2019. Small-scale online stores are prime targets of these attacks due to the absence of safeguards on these platforms.

Hackers follow a 3-step process when carrying out Magecart attacks. This is how they do it:

1. Placing Skimming Code

Hackers begin by gaining access to the target website. Once they gain root access to the site, they place their skimming code. There are 2 ways to gain access to the site:

i. Breaking into the infrastructure of the site

ii. Attacking third party vendors or infecting third party tags

2. Skimming Information from Forms

Once the skimming code is placed on the site, it intercepts input to specific web form fields such as card number and CVV. This is usually done on shopping cart pages because they hold this information. Attackers disguise the malicious code as code that looks legitimate.

3. Reports Information Back to Server

Once they start receiving the information from their code, they disperse it across the internet. This reduces the likelihood of getting detected by the site’s servers.
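A defender-side check for the two injection paths in step 1, added here as an example and not part of the original article: it lists every script on a checkout page and flags ones from hosts outside an allowlist, third-party tags without a Subresource Integrity hash, and inline code. The host names, allowlist and sample markup are constructed assumptions.

```javascript
// Added example, not from the original article. Hosts and markup are constructed.
const FIRST_PARTY = "shop.example"; // assumed store host
const ALLOWED_HOSTS = new Set([FIRST_PARTY, "js.payments.example"]); // assumed allowlist

// Parse the attribute portion of a <script ...> tag into a lowercase-keyed map.
function parseAttrs(raw) {
  const attrs = {};
  const re = /([^\s=\/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(raw)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per script a reviewer should inspect. Regex tag matching
// is enough for a quick audit; a production check should use a real HTML parser.
function auditScripts(html, pageUrl) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    if (!("src" in attrs)) {
      // Inline code cannot be pinned by host or hash here, so flag it for review.
      if (m[2].trim()) findings.push({ issue: "inline-script", detail: m[2].trim().slice(0, 40) });
      continue;
    }
    let url;
    try { url = new URL(attrs.src, pageUrl); }
    catch { findings.push({ issue: "bad-src", detail: attrs.src }); continue; }
    if (url.protocol !== "https:") findings.push({ issue: "insecure-scheme", detail: url.href });
    if (!ALLOWED_HOSTS.has(url.hostname)) {
      findings.push({ issue: "unlisted-host", detail: url.hostname });
    } else if (url.hostname !== FIRST_PARTY && !/^sha(256|384|512)-/.test(attrs.integrity || "")) {
      // Only checks that an SRI attribute is present, not that the hash is correct.
      findings.push({ issue: "missing-sri", detail: url.href });
    }
  }
  return findings;
}

// Constructed sample checkout page.
const SAMPLE_CHECKOUT = `<form id="pay"><input name="card"><input name="cvv"></form>
<script src="/static/cart.js"></script>
<script src="https://js.payments.example/v3/sdk.js" integrity="sha384-CONSTRUCTED_PLACEHOLDER"></script>
<script src="https://js.payments.example/v3/widgets.js"></script>
<script src="https://cdn.analytics-tags.example/t.js"></script>
<script>window.cartId = "c-1001";</script>`;
console.log(auditScripts(SAMPLE_CHECKOUT, "https://shop.example/checkout"));
```

Running the audit on every deploy and comparing the findings with the previous run shows when a new tag or host appears on the payment page.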

Who Is Behind Magecart Groups?

As noted earlier, Magecart groups refer to a consortium of hackers involved in web skimming attacks. They are driven by the need to collect sensitive information, which they sell to make a fortune. The price of customer data varies between $500 and $5000. The buyers of this data use it for their own benefit to make illicit purchases.

There are 6 groups of Magecart attackers:

1. Magecart Group 1 & 2 — Use targeted tools to attack and skim websites

2. Magecart Group 3 — Attack multiple vulnerable sites at once

3. Magecart Group 4 — Tracks victim’s online activity to gather as much information as possible

4. Magecart Group 5 — Exclusively targets third party vendors and goes after their users

5. Magecart Group 6 — Only targets top tier online platforms to exploit the high volume of traffic on these sites

While the majority of Magecart groups target payment data, reports suggest that they have moved on to other attack types. They now employ ad servers as well as tailored attacks to exploit system vulnerabilities.

How Does One Protect Themselves?

Here is a concise list of measures that online platforms and customers must adopt to protect themselves against these attacks:

Online Platforms

1. Update Magento

2. Mandatory 2 factor authentication

3. Setting Strict File Permissions

4. Backup of Database

Customers

1. Using Firewalls

2. Regularly changing passwords

3. Avoid Storing Payment Information Online

4. Using Private Windows in Browsers

Final Thoughts

Online attacks are evolving at a rapid pace. The fact that they are easily accessible to literally everyone is a testament to it. Therefore, it is wise to go the extra mile to ensure that you are on top of it. Every ounce of information is like a piece of a puzzle. Attackers need pieces to complete their puzzles, and it is the website’s responsibility to keep that from happening. While researchers have clear mitigation strategies for this attack, it still prevails. The only way to get past this is to employ proven tactics and work with experts. Building a reliable brand requires investment, and that is exactly what technical expertise constitutes: a good investment.
