FBI Issues Warning About e-skimming Attacks by Magecart Group

The US Federal Bureau of Investigation issued today a warning for the US private sector about e-skimming attacks, also known as web skimming, or Magecart attacks.

E-skimming attacks happen following a simple pattern: (1) hackers gain access to a company's online store; (2) hackers hide malicious code on the company's website; (3) the code collects payment card information from users while they're making purchases on the infected site.

These types of attacks have been happening since 2016, but they intensified over the last two years, in 2018 and 2019, and have become a problem that neither end-users, companies, nor government agencies can ignore any longer.

Initially, these attacks were carried out by exploiting vulnerabilities in open-source e-shopping platforms, with Magento being the favorite target.

However, over the past two years, hackers have greatly diversified their attack methodology, and any online store is now susceptible to attack, regardless of whether it runs on top of an open-source platform like Magento or on a cloud-hosted service.

Among the exploitation scenarios that have been observed, and which led to an e-skimming incident, we list:

Hacking a third-party company that provides widgets that load on online stores (tech support widgets, EU cookie compliance, etc.). In this scenario, the malicious code is loaded via the hacked third-party service.
Placing the malicious code inside a company's cloud hosting account that has been left open to outsiders, with "write" privileges. In this case, the attacker effectively modifies a site's source code ..
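One baseline check a store operator can run against the two scenarios above, as an added example that is not from the FBI advisory or this article: it parses a fetched checkout page and flags script tags that deviate from a reviewed baseline, which is where a hijacked widget host or a modified page source would first show up. The hostnames, the baseline digests and the sample page are constructed for the example.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed baseline for a hypothetical storefront (not from the article): its own
# script hosts, approved widget hosts, and digests of the reviewed build's inline scripts.
FIRST_PARTY_HOSTS = {"shop.example", "cdn.shop.example"}
APPROVED_WIDGET_HOSTS = {"widgets.support-vendor.example"}
KNOWN_INLINE_SHA256 = {hashlib.sha256(b"window.checkout={step:'payment'};").hexdigest()}
class ScriptAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []   # (reason, detail) tuples, one per deviation from the baseline
        self._inline = None  # text buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src") is None:
            self._inline = []  # inline script: hash its body at the end tag
            return
        host = urlparse(a["src"]).hostname or ""
        if host not in FIRST_PARTY_HOSTS | APPROVED_WIDGET_HOSTS:
            self.findings.append(("unexpected-host", a["src"]))
        elif host in APPROVED_WIDGET_HOSTS and "integrity" not in a:
            # Widget without SRI: whatever the vendor's host serves runs on the checkout page.
            self.findings.append(("missing-sri", a["src"]))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            digest = hashlib.sha256("".join(self._inline).strip().encode()).hexdigest()
            if digest not in KNOWN_INLINE_SHA256:  # page's own source differs from the build
                self.findings.append(("unknown-inline", digest[:16]))
            self._inline = None

def audit_checkout_html(html):
    auditor = ScriptAuditor()
    auditor.feed(html)
    return auditor.findings  # list of (reason, detail); empty when the page matches

# Constructed sample page: first-party script, approved widget without SRI, unknown host,
# one baseline inline script and one inline script that is not in the reviewed build.
SAMPLE_CHECKOUT_PAGE = """<html><body><script src="https://cdn.shop.example/checkout.js"></script>
<script src="https://widgets.support-vendor.example/chat.js"></script>
<script src="https://static.example.net/tag.js"></script>
<script>window.checkout={step:'payment'};</script><script>var t=Date.now();</script></body></html>"""
```

In practice the page is fetched on a schedule from outside the hosting account, so that a change written into the site's source or served by a widget host is compared against the baseline rather than against the possibly modified origin.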