What’s the vulnerability Magecart takes advantage of?
More than 17,000 domains have been successfully hit by Magecart attacks, and the attackers keep evolving the malware in an effort to steal credit card information on the web. Affected consumers must check their credit card statements for fraudulent transactions or apply for a new credit card right away. Once your credit card information is stolen, the card number is sold on the dark web for future fraudulent purchases.
Magecart works by taking advantage of an infrastructure vulnerability caused by misconfiguration. The misconfiguration lets an attacker discover a potentially vulnerable website (using a shotgun approach) and upload malicious code to the service provider hosting it. The attackers target unsecured Amazon S3 buckets that Amazon Web Services (AWS) hosts on behalf of the business running the website. AWS provides several tools and checks to prevent this type of attack: it displays warnings in the AWS Management Console when an S3 bucket is configured this way, it offers tools and frameworks for evaluating whether infrastructure is well-architected so that the issue is avoided, and it provides ways to block development teams from creating this vulnerability through accidental misconfiguration in the first place.
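As an added illustration of the misconfiguration described above (this is not code from the original post), the following standard-library Python audit mirrors the response shapes that boto3's `get_bucket_acl`, `get_bucket_policy` and `get_public_access_block` return and flags a bucket that anonymous users could write to, taking into account that S3 Block Public Access can neutralise a public ACL or policy. All sample data is constructed.

```python
"""Offline check for the public-write S3 misconfiguration that Magecart abuses."""
import json

# Canned group URIs that S3 uses for "everyone" and "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
WRITE_ACTIONS = {"s3:*", "s3:put*", "s3:putobject"}


def acl_allows_public_write(acl):
    """True if any ACL grant gives a public group a write-class permission."""
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            if grant.get("Permission") in WRITE_PERMS:
                return True
    return False


def policy_allows_public_write(policy_json):
    """True if a bucket policy lets an anonymous principal write objects unconditionally."""
    if not policy_json:
        return False
    stmts = json.loads(policy_json).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    for s in stmts:
        principal = s.get("Principal")
        anon = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        actions = s.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if s.get("Effect") == "Allow" and anon and not s.get("Condition") \
                and any(a.lower() in WRITE_ACTIONS for a in actions):
            return True
    return False


def bucket_is_writable_by_anyone(acl, policy_json, public_access_block):
    """Combine ACL, policy and Block Public Access the way S3 evaluates them:
    IgnorePublicAcls disables public ACL grants, RestrictPublicBuckets confines a
    public policy to principals in the bucket's own account."""
    pab = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    acl_risk = acl_allows_public_write(acl) and not pab.get("IgnorePublicAcls", False)
    policy_risk = policy_allows_public_write(policy_json) and not pab.get("RestrictPublicBuckets", False)
    return acl_risk or policy_risk


# Constructed samples: a world-writable ACL, an anonymous PutObject policy, and the fix.
SAMPLE_ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"}]}
SAMPLE_POLICY = json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
NO_PAB = {"PublicAccessBlockConfiguration": {k: False for k in ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")}}
HARDENED_PAB = {"PublicAccessBlockConfiguration": {k: True for k in ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")}}
```

In a real account the same three calls are made per bucket through boto3 and the results fed to `bucket_is_writable_by_anyone`; any `True` result is a bucket that should have Block Public Access enabled and its ACL and policy reviewed.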
For businesses that accept payments online, the best way to mitigate financial or reputational damage from breached consumer credit card data is a layered, defence-in-depth approach to security, including technologies that identify customers by their online behavior instead of relying on credentials or credit card numbers. This method allows companies to block transactions from stolen credit cards without impacting legitimate consumers.