

WordPress Overtakes Magento as Most Targeted E-Skimmer Website

According to researchers at Sucuri, Magecart e-skimming attacks have shifted targets. Magecart is an umbrella term for all e-skimming style attacks, which steal credit card data from e-commerce websites. As of July 2021, researchers stated that e-commerce websites based on WordPress are now targeted more often than the previously most-targeted platform, Magento. Researchers also stated that this shift was not unexpected: as more people moved their websites from Magento to WordPress, it was only a matter of time before attackers realized this and made the switch as well. This data is based on front-facing skimmers, which primarily use JavaScript, and does not cover the back-end PHP-based or inserted scripts that steal card data, which are also common ways of carrying out the attack.

Analyst Notes

E-commerce website owners need to be aware of the risks that come with hosting these types of websites and do everything in their power to protect customers who use their sites. Anyone who shops online also needs to be aware of the associated threats. To prevent fraudulent charges by Magecart or any other credit card thieves, consumers should sign up for one-time-use credit cards, which can be purchased through verified services or some banks. These services allow the consumer to purchase a pre-loaded credit card that can be used only once, or one that can be used multiple times but has a balance of zero until money is added to it. If a card with a zero balance is compromised, an attacker cannot purchase anything with the number. One-time-use cards provide the buyer with a credit card number that expires after the purchase. Though these cards may seem like a hassle to many, they do not take much time to register for and will relieve consumers of the stress that a compromised card could cause.