In an operation carried out by Indonesian National Police, dubbed Operation Night Fury, three men were arrested for participating in Magecart style attacks. Magecart attacks refer to a method of stealing payment card and customer information from online shopping websites by inserting JavaScript code into the checkout page. The operation was carried out in coordination with Interpol’s ASEAN (Association of Southeast Asian Nations) Cyber Capability Desk. The three men were all arrested in Jakarta and Yogyakarta in December, though details of the operation are just now being made public. These arrests were only part of the operation; activities are still ongoing in five other unnamed nations which are part of Interpol’s ASEAN. Indonesian police claim the hackers had compromised 12 e-commerce websites; however, industry experts believe that this same group was actually responsible for credit card theft at more than 571 online shops.
Analyst Notes
Magecart is typically treated as a single threat actor group. However, it is actually a collection of criminal groups who utilize a specific means of attacking e-commerce sites to steal customer data, including payment details. Magecart attacks sometimes involve compromising websites by exploiting unpatched vulnerabilities in Magento and WordPress sites. Other Magecart attacks have exploited a shared service provider that provides a platform for many e-commerce sites and inserted malicious code to steal from all of the sites. It is very difficult for customers to be able to identify a site that has been compromised by a Magecart attack. One of the best means of defense against having payment details stolen when using an e-commerce site is to utilize services that allow customers to create a virtual credit card number, generated specifically for that transaction. If a virtual credit card number is stolen, it cannot be used to make purchases elsewhere by the criminals. More details on these arrests can be found at https://thehackernews.com/2020/01/indonesian-magecart-hackers.html?m=1
