The Magecart saga continues

Last month we learned about another unfortunate victim of the Magecart hacking group, Newegg.com. For over a month, Newegg customers had their credit card information skimmed whenever they made a purchase on the Newegg website. The attack was facilitated by malicious code inserted into Newegg’s own JavaScript. For a detailed explanation of how the attack worked, check here.

What should we learn from this attack?

The future of Magecart & other attackers

How to protect your website and your customers' data

Cloud services like Instart, which give you visibility into and control over all the 1st-, 3rd-, 4th-, and 5th-party code that is assembled in the browser, will help you:

  • Understand which scripts actually load in a customer's browser and which piece of code eventually loaded Magecart's attack snippet, and then keep a record of how the code got there
  • Prevent exfiltration of customer data by preventing the Magecart code from connecting to the data exfiltration site
  • Block 3rd-party services from running if they have been compromised, or prevent these services from accessing secure fields and exfiltrating data
  • Understand which scripts cause performance issues in the browser for customers

Instart maintains a presence in both the cloud and the browser, so we receive telemetry from the browser about exactly which scripts are running, how each script is initiated, and where each script is trying to communicate. We also provide control of these resources, with the ability to allow individual JavaScript calls, defer them, or block them altogether.
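
The kind of analysis this telemetry makes possible, sketched as an added example (it is not Instart's code or API): given per-script records, it flags any script that connects to a host outside an allowlist and walks the initiator links back to the first-party script that ultimately loaded it. The record fields (`url`, `initiator`, `connects`), the host names and the allowlist are all constructed assumptions.

```javascript
// Constructed telemetry: one record per script observed in the browser.
// Field names and hosts are assumptions made for this example.
const telemetry = [
  { url: "https://shop.example/js/checkout.js", initiator: null,
    connects: ["https://shop.example/api/pay"] },
  { url: "https://tags.vendor.example/loader.js",
    initiator: "https://shop.example/js/checkout.js", connects: [] },
  { url: "https://cdn.widget.example/w.js",
    initiator: "https://tags.vendor.example/loader.js",
    connects: ["https://collect.unknown.example/x"] },
];

// Hosts that scripts on the page are expected to talk to (constructed).
const allowedHosts = new Set([
  "shop.example", "tags.vendor.example", "cdn.widget.example",
]);

// Walk initiator links from a script back to the root, returning the chain
// root-first. The `seen` set stops the walk if the records contain a cycle.
function initiatorChain(records, url) {
  const byUrl = new Map(records.map((r) => [r.url, r]));
  const chain = [];
  const seen = new Set();
  for (let cur = url; cur && !seen.has(cur);
       cur = byUrl.get(cur)?.initiator ?? null) {
    seen.add(cur);
    chain.unshift(cur);
  }
  return chain;
}

// Report every connection to a host that is not on the allowlist, together
// with the chain of scripts that caused the offending script to load.
function reviewConnections(records, allowed) {
  const findings = [];
  for (const r of records) {
    for (const dest of r.connects) {
      const host = new URL(dest).hostname;
      if (!allowed.has(host)) {
        findings.push({ script: r.url, destination: host, action: "block",
                        loadedVia: initiatorChain(records, r.url) });
      }
    }
  }
  return findings;
}

console.log(JSON.stringify(reviewConnections(telemetry, allowedHosts), null, 2));
```
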

Takeaway