With the rise in attacks against a variety of industries, especially during the lockdown period, it has been a challenge to keep the front line of defense in the best shape throughout. Lately, Magecart attackers have been attempting to expand their territory, requiring organizations to be super-vigilant.
Making the headlines
Web skimmers are used to test new ways to circumvent vulnerable networks and conceal malware within systems. Recently, Magecart actors were found using web skimmers to target two of the world's biggest retail chains.
Security firms Sanguine Security and ESET have confirmed breaches in the websites of two companies - Claire's and Intersport, respectively.
Attackers also hid malicious code to record payment card details entered during the checkout process of these websites.
As per reports, Claire's website, along with its sister-site Icing, were compromised between April 25 and April 30.
More about Claire’s attack
Cybercriminals registered the domain name claires-assets[.]com, just a day after the store closed all of its 3000 physical locations due the COVID-19 threat.
The group then unleashed the attack on a server hosted on the Salesforce Commerce Cloud by attaching skimmer to a submit button on the checkout form.
Attackers deliberately chose an image file for the exfiltration of data since image requests are not often monitored by security systems.
The attack lasted for a month and a half, and the financial damage caused is not known as of now.
Some info about Intersport attack
ESET researchers also revealed that the attack compromised the retailer’s website twice.
When the first attack took place on April 30, its systems were cleaned on May 3 upon the detection of malware. Then there was another attack on May 14.
The infected onli ..
Support the originator by clicking the read the rest link below.
