NCSC alerts 4,000 online retailers about Magecart attacks

NCSC alerts over 4,000 small online retailers about Magecart attacks

Hackers will attempt to target online shoppers on Black Friday and Cyber Monday, it warns

The UK's National Cyber Security Centre (NCSC) says it has warned owners of more than 4,000 small online retailers in Britain that their sites had been compromised by hackers in Magecart attacks aimed at stealing customers' payment details.

The agency is now urging the stores to keep their software up-to-date to avoid financial and reputational damage to their business.

Magecart (also known as web skimming or e-skimming) is a common term used for different threat groups that target organisations' payment systems by taking advantage of security flaws in ecommerce systems.

The gangs inject subtle JavaScript code onto the pages of ecommerce sites to exfiltrate credit card and personal details of customers as they check out.

Magecart breaches can be difficult to detect, as many companies remain unaware that their software has been compromised by hackers. That allows the attackers to persist for weeks, months or even years without being noticed.

The NCSC says the majority of the online shops it identified had been compromised via a known security weakness in Magento, a popular e-commerce platform.

It identified 4,151 compromised online shops up to the end of September and alerted retailers to the security bugs.

The NCSC says it had been monitoring those stores since April 2020 through its Active Cyber Defence programme, which aims to eliminate malicious websites and scams from the internet.

"On Black Friday and Cyber Monday the hackers will be out to steal shoppers' cash and damage the reputations of businesses by making their websites into cyber traps," the Chancellor of the Duchy of Lancaster Steve Barclay MP said.

"It's critical, with more and more trade moving online, to protect your business and your customers by following the guidance provided by the National Cyber Security Centre and British Retail Consortium."

People who wish to shop online this Black Friday must ensure that they only shop on trustworthy online platforms and avoid clicking links in suspicious text messages and emails. Sometimes such messages include offers that sound too good to be true.

Shoppers should type the online store's URL into their browser window themselves, instead of clicking a link they received via text or a Facebook feed.

"Skimming and other cyber security breaches are a threat to all retailers," British Retail Consortium assistant director for consumer, competition and regulatory affairs Graham Wynn noted.

"The British Retail Consortium strongly urges all retailers to follow the NCSC's advice and check their preparedness for any cyber issues that could arise during the busy end of year period."

The number of web-skimming attacks is constantly on the rise, according to cyber security experts.

Earlier this month, researchers at security firm Malwarebytes said they had uncovered a new Magecart threat actor that used a unique form of evasion to ensure it bypasses virtual machines set up by security researchers to pick up Magecart activity.

Last year, researchers warned of a new Magecart campaign that used malicious scripts hidden in the EXIF data of a favicon image to steal payment card details of customers.

The website of NutriBullet, the fashionable maker of the eponymous blender, was also compromised last year by a group classified as Magecart Group 8.

In October 2019, researchers warned that up to 20,000 ecommerce websites were at risk of Magecart attacks following a Volusion server compromise.