Working together, Volexity and RiskIQ discovered a credit card skimming attack on Newegg's website. The security researchers claim that hackers injected JavaScript code into Newegg's secure checkout page, which would collect form data and send it to "neweggstats.com". That domain was created on August 13th, and started collecting data on August 16th, but the offending JavaScript code wasn't removed until September 18th. The researchers say that the same actors behind the British Airways and Feedify hacks were behind this attack. Needless to say, if you ordered anything on Newegg in August or September, you should call your bank.
Magecart attacks are surging - RiskIQ's automatic detections of instances of Magecart breaches ping us almost hourly. Meanwhile, we're seeing attackers evolve and improve over time, setting their sights on breaches of large brands. While some Magecart groups still target smaller shops, the subgroup responsible for the attacks against Newegg and British Airways is particularly audacious, performing cunning, highly targeted attacks with skimmers that seamlessly integrate into their targets' websites. The attack on Newegg shows that while third parties have been a problem for websites - as in the case of the Ticketmaster breach - self-hosted scripts help attackers move and evolve, in this case changing the actual payment processing pages to place their skimmer.
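An added example, not part of the original post or of the researchers' report: because the skimmer described above was placed in the site's own checkout page, a `script-src` allowlist would not stop it, so this check asks which Content-Security-Policy directives would still let page script send data to an outside host such as the "neweggstats.com" domain named above. The `shop.example` origin and both policies are constructed samples, and source matching is simplified to scheme and host (ports and paths are ignored).

```javascript
// Exfiltration channels and whether each falls back to default-src when absent.
// form-action has no fallback: if it is missing, form posts are unrestricted.
const CHANNELS = { "connect-src": true, "img-src": true, "form-action": false };

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !policy.has(name)) policy.set(name, sources); // first occurrence wins
  }
  return policy;
}

function sourceMatches(source, target, selfOrigin) {
  if (source === "*") return true;
  if (source === "'self'") return target.origin === selfOrigin;
  if (source.startsWith("'")) return false; // 'none', nonces, hashes, other keywords
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return target.protocol === source;
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m) return false;
  if (m[1] && target.protocol !== m[1] + ":") return false;
  const host = m[2];
  return host.startsWith("*.")
    ? target.hostname.endsWith(host.slice(1)) // "*.a.com" matches subdomains only
    : target.hostname === host;
}

// Returns the directives under which `destination` is still reachable.
function exfilChannels(header, destination, selfOrigin) {
  const policy = parseCsp(header);
  const target = new URL(destination);
  const open = [];
  for (const [directive, fallsBack] of Object.entries(CHANNELS)) {
    const sources =
      policy.get(directive) ?? (fallsBack ? policy.get("default-src") : undefined);
    if (sources === undefined || sources.some((s) => sourceMatches(s, target, selfOrigin))) {
      open.push(directive);
    }
  }
  return open;
}

// Constructed sample policies for a hypothetical shop at https://shop.example
const SELF = "https://shop.example";
const DEST = "https://neweggstats.com/";
const WEAK = "default-src *; script-src 'self'";
const STRICT =
  "default-src 'self'; connect-src 'self' https://api.shop.example; form-action 'self'";
```

An empty result for the strict policy means none of the three channels can reach the outside host; the weak policy leaves all three open even though it restricts `script-src`.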