Magecart 5 is targeting Layer 7 routers used in airports, casinos, hotels, resorts, and other large venues to steal credit card data from shoppers on popular US and Chinese shopping sites.
Researchers from IBM's X-Force Incident Response and Intelligence Services (IRIS) team identified a Magecart campaign targeting commercial-grade Layer 7 routers—used in large venues that serve a transient user base such as airports, casinos, hotels, and resorts—to exfiltrate credit card data from users shopping for goods on US and Chinese websites.
The routers in question are capable of injecting advertisements into web pages viewed over the connection, in an effort to recoup the costs of running a free Wi-Fi service. While IRIS is quick to note that there is no evidence of vendor compromise, the attackers are exploring resources provided by the device vendor.
IRIS identified roughly 17 files uploaded to VirusTotal with minor changes and behavioral differences, including JavaScript skimmers, referrer redirectors, random domain generators, and script injectors. It is common practice for malicious actors to upload test code to VirusTotal to determine whether a payload is detected as a threat.
The novel part is the resource being leveraged in the attack. Layer 7 routers provide "access to a large number of captive users with very high turnover, like in the case of airports or hotels," according to IRIS, making it "a lucrative concept for attackers looking to compromise payment data. We believe that [Magecart] aims to find and infect web resources loaded by L7 routers with its malicious code, and possibly also inject malicious ads that captive users have to click on to eventually connect to the internet," the report stated.
IRIS advises that ecommerce retailers use extension blacklists, as well as scrutinize vendor-provided JavaScript files for integrity.
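One way to act on that integrity advice, shown here as an added example (not IBM's or TechRepublic's code) built on Subresource Integrity (SRI): each vendor-provided JavaScript file is pinned to a SHA-384 digest, emitted as an `integrity` attribute so the browser refuses a tampered copy, and re-checked against what is currently being served. The URLs and file contents are constructed placeholders.

```python
"""Pin vendor-provided JavaScript with SRI digests and report any drift."""
import base64
import hashlib


def sri_digest(content: bytes, algo: str = "sha384") -> str:
    """Return an SRI integrity string ("sha384-<base64 digest>") for the bytes."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes) -> str:
    """Build a <script> tag that makes the browser reject a modified file."""
    return (f'<script src="{src}" integrity="{sri_digest(content)}" '
            'crossorigin="anonymous"></script>')


def verify_manifest(manifest: dict, fetched: dict) -> dict:
    """Compare the files currently served against their pinned digests.

    manifest maps URL -> pinned SRI string; fetched maps URL -> served bytes.
    Returns a status per URL: "ok", "modified", or "missing".
    """
    report = {}
    for url, pinned in manifest.items():
        body = fetched.get(url)
        if body is None:
            report[url] = "missing"
        elif sri_digest(body, pinned.split("-", 1)[0]) == pinned:
            report[url] = "ok"
        else:
            report[url] = "modified"
    return report


# Constructed sample: a vendor library as originally reviewed, and the same
# file after an unexpected change (placeholder content, not real code).
VENDOR_URL = "https://cdn.example.invalid/vendor.js"   # hypothetical host
CLEAN = b"window.vendorLib=function(){return 1};\n"
TAMPERED = CLEAN + b"/* unreviewed addition */ console.log('x');\n"
MANIFEST = {VENDOR_URL: sri_digest(CLEAN)}

if __name__ == "__main__":
    print(script_tag(VENDOR_URL, CLEAN))
    print(verify_manifest(MANIFEST, {VENDOR_URL: TAMPERED}))
```

A check like this only helps if the pinned digests are recorded from a reviewed copy of each file and re-run whenever the vendor ships an update.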
Magecart refers to at least 12 distinct financially motivated cybercrime groups that use online skimming attacks to exfiltrate credit card data. The most active of these groups, Magecart 5 (MG5), is posited by IRIS to be the origin of the router attack.
The IRIS report lands amid a burst of activity from Magecart threat groups. For more, check out "Old Magecart web domains resurrected for fraudulent ad schemes" and "Magecart strikes again: hotel booking websites come under fire" on ZDNet.